Working on an ASP.NET application, I have implemented page-level access control using a custom HttpModule. This HttpModule intercepts each incoming request and checks whether the connected user can access the requested page; if not, it redirects him to an error page.
- Is this approach sufficient to guarantee the security of the application or is it easy to bypass it,
- and what do you recommend to improve it?
Thanks in advance.
As long as there is nothing in the standard libraries which could be used for what you want, this should be fine, provided you’ve adequately tested your module. You can’t bypass an HttpModule without getting access to the server itself to modify the web.config file, and if an attacker has already done that, then this is the least of your worries!
If there IS something in the standard libraries that could be used, you should prefer this, since it will inevitably have been tested extensively by others!
I’d recommend getting a decent set of unit tests written for your module, since it will form the main line of defence for your application!
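One way to make such a module unit-testable, as an added example that is not the asker's code or part of either post: the access decision lives in a plain function with no `HttpContext`, and the HttpModule only calls it. The page paths, role names, `Error.aspx` and all class names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;

public static class PageAccessPolicy // no HttpContext here, so it can be unit tested
{
    public const string ErrorPage = "~/Error.aspx"; // assumed page name
    // Constructed sample rules: page path -> allowed roles. A path with no rule is denied.
    private static readonly Dictionary<string, string[]> Rules =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "~/Default.aspx", new[] { "User", "Admin" } },
            { "~/Admin/Users.aspx", new[] { "Admin" } },
        };

    public static bool IsAllowed(string path, IPrincipal user)
    {
        // The error page stays reachable, otherwise the redirect below would loop.
        if (string.Equals(path, ErrorPage, StringComparison.OrdinalIgnoreCase)) return true;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated) return false;
        if (path == null || !Rules.TryGetValue(path, out string[] roles)) return false;
        return Array.Exists(roles, user.IsInRole);
    }

    public static void SelfCheck() // framework-free checks; port to the test runner in use
    {
        var user = new GenericPrincipal(new GenericIdentity("alice"), new[] { "User" });
        var anon = new GenericPrincipal(new GenericIdentity(""), null);
        if (!IsAllowed("~/default.aspx", user)          // path match ignores case
            || IsAllowed("~/Admin/Users.aspx", user)    // wrong role
            || IsAllowed("~/Unlisted.aspx", user)       // no rule
            || IsAllowed("~/Default.aspx", anon))       // not authenticated
            throw new InvalidOperationException("policy check failed");
    }
}

public sealed class PageAccessModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // AuthorizeRequest fires after authentication, so Context.User is set.
        app.AuthorizeRequest += (sender, e) =>
        {
            var ctx = ((HttpApplication)sender).Context;
            if (PageAccessPolicy.IsAllowed(ctx.Request.AppRelativeCurrentExecutionFilePath, ctx.User)) return;
            ctx.Response.Redirect(PageAccessPolicy.ErrorPage, false);
            ctx.ApplicationInstance.CompleteRequest();
        };
    }
    public void Dispose() { }
}
```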