Thursday, September 6, 2007

Just Read The Manual

Kiaora Team,

I just discovered something interesting/important:

  • Use a separate cookie name (using the name attribute of the <forms> element) and path for each Web application. This will ensure that users who are authenticated against one application are not treated as authenticated when using a second application hosted by the same Web Server.

- Building Secure ASP.NET Applications (Microsoft Patterns and Practices)

So, this means that my web.config should look like this from now on:

<authentication mode="Forms">
  <!-- an application-specific cookie name, so the ticket from another app on this server is ignored -->
  <forms name="StanleyAuth"
         path="/"
         protection="Encryption">
  </forms>
</authentication>

<authorization>
  <!-- "?" is the anonymous user: unauthenticated requests are refused -->
  <deny users="?"/>
</authorization>
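The Patterns and Practices text asks for a separate cookie name and a separate path per application. A path of "/" is the default, and with it the browser still sends the cookie to every application on the host; only the name then keeps the applications apart. The following is an added example, not part of the original post, of what two applications hosted on the same server could use. The virtual directories /StanleyApp and /Reports and the cookie names are assumed for illustration. It uses protection="All", the default, which both encrypts and signs the ticket, rather than "Encryption" alone, which encrypts the ticket but performs no validation on it.

```xml
<!-- web.config for the application at /StanleyApp (virtual directory and cookie name are assumed) -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="StanleyAppAuth"
             path="/StanleyApp"
             protection="All"
             requireSSL="true"
             timeout="30"
             slidingExpiration="false" />
    </authentication>
    <authorization>
      <!-- refuse anonymous users everywhere in this application -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

<!-- web.config for the application at /Reports on the same server (also assumed) -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="ReportsAuth"
             path="/Reports"
             protection="All"
             requireSSL="true"
             timeout="30"
             slidingExpiration="false" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

Because the cookie names differ, a ticket issued by one application is never read as the other's; because the paths differ, the browser does not send it to the other application in the first place. The path has to match the application's virtual directory exactly, including case, since most browsers match cookie paths case-sensitively and will otherwise not return the cookie at all.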

Blessings,

James.
