HttpServerUtility.Execute Method (String, TextWriter, Boolean)
Executes the handler for the specified virtual path in the context of the current request. A TextWriter captures output from the page and a Boolean parameter specifies whether to clear the QueryString and Form collections.
Assembly: System.Web (in System.Web.dll)
ASP.NET does not verify that the current user is authorized to view the resource delivered by themethod. Although the ASP.NET authorization and authentication logic runs before the original resource handler is called, ASP.NET directly calls the handler indicated by the method and does not rerun authentication and authorization logic for the new resource. If your application's security policy requires clients to have appropriate authorization to access the resource, the application should force reauthorization or provide a custom access-control mechanism.
You can force reauthorization by using the Redirect method instead of the method. Redirect performs a client-side redirect in which the browser requests the new resource. Because this redirect is a new request entering the system, it is subjected to all the authentication and authorization logic of both Internet Information Services (IIS) and ASP.NET security policy.
You can verify that the user has permission to view the resource by incorporating a custom authorization method that uses the IsInRole method before the application calls the method.
The following example executes the Login.aspx page on the server in the current directory and receives the output from the page through the StringWriter object writer. It writes the HTML stream received from writer to the HTTP output stream. The contents of the Form and QueryString collections are preserved.
Available since 2.0