To prevent an attacker from tampering with the remote session or denying service, you should do the following:
Use HTTPS between the remoting client and the server
Use separate ASP.NET application contexts for various levels of privileged users, thereby preventing lower-privileged users from affecting sessions belonging to higher-privileged users.
You can also help mitigate this threat with the following deployment scenario:
ASP.NET Web client.
You can learn more about this threat by reading about the following:
Multiple levels of authorized users
ASP.NET application and IIS security
Properly formatted TRM, DPL, SNA, IP, and other messages
Valid host user ID and password
Valid Windows user ID for Single Sign-On (SSO).