The 8th item on the OWASP Top 10 is A8 - Failure to Restrict URL Access. This one is kind of interesting, as what you see in the browser and what you see on the server are more often than not two very different things in JavaScript-driven web apps. This is especially true for single-page web apps.


[...]
I guess this happens to lots of people because I found a lot of writing about it after searching Google, but I didn't find any solution I could fully use. So I created a version that should work in most cases.
[...]
When using AzMan (authorization manager) from .NET, you may get some confusing error messages due to the fact that the DLLs are using COM. I'll try to update this post with new error messages when I run into them, but for now:
[...]
This entry will explain the steps you need to take to use ADAM for both roles and membership in ASP.NET 2.0 and authorization manager.
[...]