Fixing the ASP.NET Authentication Vulnerability

I'm not going to jawjack about how important this fix is, blah blah blah. Microsoft's working on a patch. In the meantime, EVERY ASP.NET developer should add this information to their Global.asax file ASAP. If you add it to the ASAX file and not the code-behind, you won't even have to recompile the app. DO THIS NOW. Please. More Info Here.

Global.asax code sample (Visual Basic .NET)

<script language="vb" runat="server">
Sub Application_BeginRequest(Sender as Object, E as EventArgs)
    If (Request.Path.IndexOf(chr(92)) >= 0 OR _
        System.IO.Path.GetFullPath(Request.PhysicalPath) <> Request.PhysicalPath) then
        Throw New HttpException(404, "Not Found")
    End If
End Sub

Global.asax code sample ( C#)

<script language="C#" runat="server">
void Application_BeginRequest(object source, EventArgs e) {
    if (Request.Path.IndexOf('\\') >= 0 ||
        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {
        throw new HttpException(404, "not found");


Comments have been disabled for this content.