|Applies To||RSA ACE/Agent 4.4 for Windows NT (no longer supported as of 3-3-2003)|
RSA ACE/Agent 5.0 for Windows
Microsoft Internet Information Server (IIS) 5.0
|Issue||Using ASP's Server.Transfer() function call|
Although the use of Server.Transfer() can improve the Web server's performance, it may effectively bypass the RSA ACE/Agent protection of the transferred file. For example, if the ASP file containing Server.Transfer() is not protected by RSA's ACE/Agent, the user will not be challenged for their RSA SecurID authentication when Server.Transfer() executes a HTTP forward to another file protected by the ACE/Agent within the Web server.
|Cause||The RSA ACE/Agent on the IIS Web server is designed to intercept requests coming from outside the Web server. Therefore, RSA strongly recommends against using Server.Transfer() with the ACE/Agent in a mix-protected and mix-unprotected file environment.|
|Resolution||If your organization requires the use of Server.Transfer(), RSA recommends protecting all ASP files initiating the transfer with the ACE/Agent.|
|Legacy Article ID||a11832|