We are looking to utilize extensionless URL's for the first time in our organization. We've requested our sys admins add a wildcard mapping to IIS6 so all requests get processed through the asp.net. They are pushing back, citing security concerns. I don't have enough information about potential security issues with the wildcard mapping to know what security issues it may or may not create. Any feedback would be appreciated.
Basically by adding wildcard mapping to IIS6 then ALL requests will be processed through the .net framework. I am not sure about security concerns but know that the performance disadvantage has never been provern
see link text