Missing Function Access Control
Access to these functionalities should be restricted to authenticated users. However, the current mechanism only checks whether a user exists. Any user, authenticated or not, will be able to access restricted information.
Using built-in .NET framework functionality, it is possible to check whether a user is properly authenticated.
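
The difference between the two checks, as an added example that is not code from the assessed application. It assumes the flawed check is a null test on the request principal; the class, method and sample user names are hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Security.Principal;

public static class AccessChecks
{
    // Assumed form of the flaw: passes whenever a principal object exists.
    // Web frameworks usually attach a principal to anonymous requests too,
    // so this test says nothing about whether the caller has signed in.
    public static bool UserExists(IPrincipal user) => user != null;

    // Built-in check: IIdentity.IsAuthenticated reports whether the identity
    // was actually established by an authentication mechanism.
    public static bool IsAuthenticated(IPrincipal user) =>
        user?.Identity != null && user.Identity.IsAuthenticated;

    public static void Main()
    {
        // Constructed sample principals.
        // An identity without an authentication type is anonymous.
        IPrincipal anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        // An identity created with an authentication type is authenticated.
        IPrincipal signedIn = new ClaimsPrincipal(
            new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Name, "alice") },
                "Cookies"));

        var samples = new[] { ("anonymous", anonymous), ("signed-in", signedIn) };
        foreach (var (label, user) in samples)
        {
            // Compare the weak and the hardened decision for each caller.
            Console.WriteLine(
                $"{label,-10} exists-check={UserExists(user)} " +
                $"authenticated-check={IsAuthenticated(user)}");
        }
    }
}
```

In ASP.NET MVC and Web API the same requirement can be enforced declaratively by placing the `[Authorize]` attribute on the restricted controllers or actions.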