Asp net 2 0 rowupdating dating family photos
If the user's browser does not support cookies, or if their cookies are deleted or lost, somehow, it's no big deal – the Note Microsoft's Patterns & Practices group discourages using persistent role cache cookies.
Since possession of the role cache cookie is sufficient to prove role membership, if a hacker can somehow gain access to a valid user's cookie he can impersonate that user.
URL authorization rules can specify roles instead of users.
This tutorial starts with a look at how the Roles framework associates a user's roles with his security context.Figure 5: Tito Can Visit the Note When specifying URL authorization rules – for roles or users – it is important to keep in mind that the rules are analyzed one at a time, from the top down.