NET user control is authored declaratively and persisted as a text file with an extension. NET page framework compiles a user control on the fly to a class that derives from the System. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). In addition, you must use the IIS configuration applet to enable localhost (127.0.0.1) to relay messages through the local SMTP service. VSDISCO files are DISCO files that support dynamic discovery of Web services.
Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker? If an authentication cookie is stolen then it can be used by an attacker. NET just before it shipped, you need to set Smtp Mail's Smtp Server property to "localhost" even though "localhost" is the default.
Just call Set No Store on the Http Cache Policy object exposed through the Response object's Cache property, as demonstrated here: Set No Store works by returning a Cache-Controll; a private, no-store header in the HTTP response.
Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen. Note that VSDISCO files are disabled in the release version of ASP. You can reenable them by uncommenting the line in the section of Machine.config that maps *.vsdisco to System. Is it possible to prevent a browser from caching an ASPX page?
Introduction Most of the questions and answers you likely have already read. Asp Compat is an aid in migrating ASP pages to ASPX pages.