Sep 21, 2010 03:27 PM|DeviantSeev|LINK
Please provide more feedback.
What ASP version is on the server? (You might still be susceptible to the web.config download hack)
Are you using web forms authentication and roles or authenticating using silverlight?
Are you storing any information in session cookies?