Monday, December 21, 2009

WARNING: Request.ApplicationPath and Forms Authentication

In previous post I have made some remarks about using Request.ApplicationPath concatenation with app. running in the root.

Another risc with this approach is related to "cookieless Form based autentication". In this case URLs contain auth. token as part of the URI path. However Request.ApplicationPath does not contain this token segment.

Thus using this "fixed: version of concat:

HyperLink2.NavigateUrl = Request.ApplicationPath.Length > 1 ? Request.ApplicationPath + "/foobar.txt" : "/foobar.txt";
is also incorrect, and will produce link without the auth. token.

No comments:

Post a Comment