and the user type in:
they will not be routed to the authentication page and will instead see the page.
Here are some links from the article:Slashdot: Microsoft Issues Ominous ASP.Net Security Warning
NT-Bugtraq: discovered a serious flaw in .NET forms authentication
Microsoft KB-887459: Programmatically check for canonicalization issues with ASP.NET