Traditional security in web applications has focused on securing a file or folder through web.config. The problem with this security model is that a path is unreliable when using routing. Two different routes can lead to the same function and thus both routes need to be secured. This opens up for security holes. When looking