In my ASP.NET application I am using forms authentication. After logging in as a normal partner, I browse to /Admin using an HTTP proxy; the server attempts to redirect the user to the login page, but the contents of /admin are still returned in the HTTP response body.
When performing the authentication checks, the application should ensure that no data is returned if the user is not an admin.
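
The behaviour described above (a redirect whose body still carries the protected page) matches a redirect that does not end the response. The sketch below is an added example, not code from the original post, and it assumes that cause; the class name, the "Admin" role name and the ~/Login.aspx URL are assumptions.

```csharp
using System;
using System.Web.UI;

// Hypothetical code-behind for a Web Forms page under /Admin.
// Class name, role name and login URL are assumptions for illustration.
public partial class AdminDefault : Page
{
    // Vulnerable pattern: the redirect is issued, but the page keeps running.
    protected void Page_Load_Vulnerable(object sender, EventArgs e)
    {
        if (!User.IsInRole("Admin"))
        {
            // endResponse = false only sets the 302 status and Location header.
            // Execution continues, so the admin markup is rendered into the
            // body of the redirect response, where a proxy can read it.
            Response.Redirect("~/Login.aspx", false);
        }
        BindAdminData();
    }

    // Hardened pattern: nothing after the failed check is executed.
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!User.IsInRole("Admin"))
        {
            // endResponse = true calls Response.End(), which stops page
            // execution before any admin content is written.
            Response.Redirect("~/Login.aspx", true);
            return; // not reached at run time; keeps the intent explicit
        }
        BindAdminData();
    }

    private void BindAdminData()
    {
        // Placeholder for the page's real data access and binding.
    }
}
```

A declarative `<authorization>` rule for the Admin path in web.config (allow the admin role, deny all other users) rejects the request before the page handler runs, so the check does not depend on every page remembering to end the response.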