Prevent direct page access
-
How do you prevent a person from directly accessing a web page by typing in the URL into a web browers or by them creating their own page with a link to page??? (in ASP.NET) In classic ASP you use to be able to check the HTTP_REFERER server variable but that doesnt exist anymore. Thanks in advance.
-
How do you prevent a person from directly accessing a web page by typing in the URL into a web browers or by them creating their own page with a link to page??? (in ASP.NET) In classic ASP you use to be able to check the HTTP_REFERER server variable but that doesnt exist anymore. Thanks in advance.
Sure, you still have access to server variables the same way you did in Classic ASP. You can also now directly check the Request.UrlReferrer property. Datagrid Girl
-
Sure, you still have access to server variables the same way you did in Classic ASP. You can also now directly check the Request.UrlReferrer property. Datagrid Girl
You can also use asp.net security and restrict access
-
Sure, you still have access to server variables the same way you did in Classic ASP. You can also now directly check the Request.UrlReferrer property. Datagrid Girl
I tried using Request.UrlReferrer before but it always returned a URL. It was never blank, which it should be when accessing a page via typing in the address box of a browser. Any other ideas?
-
You can also use asp.net security and restrict access
I have for my auth. What you suggest doesnt work because the user has already been authenticate with the browser. So once they are in, they can still access other pages if they type in the URL directly in the browser. I think the solution is using Request.UrlReferer but that doesnt seem to work like it should. Thanks for everyones input...hopefully we will find a solution to lick this problem. Much thanks in advance.
-
I tried using Request.UrlReferrer before but it always returned a URL. It was never blank, which it should be when accessing a page via typing in the address box of a browser. Any other ideas?
Hmmm, interesting. Out of curiousity, what URL does it give as the referrer if you just type in the page address? If it is simply the address of that page, maybe you can check for that and ignore that case. Datagrid Girl
-
I have for my auth. What you suggest doesnt work because the user has already been authenticate with the browser. So once they are in, they can still access other pages if they type in the URL directly in the browser. I think the solution is using Request.UrlReferer but that doesnt seem to work like it should. Thanks for everyones input...hopefully we will find a solution to lick this problem. Much thanks in advance.
Then change the path to the folder where the files are located. I know this works because I have it in place on several sites.
-
Then change the path to the folder where the files are located. I know this works because I have it in place on several sites.
I think you just lost me there. Could you explain a little bit more what you mean? Thanks.
-
Hmmm, interesting. Out of curiousity, what URL does it give as the referrer if you just type in the page address? If it is simply the address of that page, maybe you can check for that and ignore that case. Datagrid Girl
DG, I have done some more testing using UrlReferer, here is what I found out. 1) When clicking on a link to a new page (same window), the UrlReferer is set properly, everything ok 2) When typing in the link to the page (same window), the UrlReferer is set to Nothing (vb.net), everything ok 3) When typing in the link to the page (different window), ASP.NET security jumps in and forces the user to login first, everything ok 4) When clicking on a button to lauch the new page in a new window, the UrlReferer is set to Nothing, this is where my problems is... If I use jscript popup code UrlRefer is not set, verus using a hyperlink. Any ideas on how to make it work with a jscript popup code, e.g. windows.open(...)
-
DG, I have done some more testing using UrlReferer, here is what I found out. 1) When clicking on a link to a new page (same window), the UrlReferer is set properly, everything ok 2) When typing in the link to the page (same window), the UrlReferer is set to Nothing (vb.net), everything ok 3) When typing in the link to the page (different window), ASP.NET security jumps in and forces the user to login first, everything ok 4) When clicking on a button to lauch the new page in a new window, the UrlReferer is set to Nothing, this is where my problems is... If I use jscript popup code UrlRefer is not set, verus using a hyperlink. Any ideas on how to make it work with a jscript popup code, e.g. windows.open(...)
Hi David, It sounds like opening a new window is equivalent to typing in the address (which would kind of make sense), so you may be out of luck on using the referrer property in that scenario. What you could do if that's the way you're opening your links is to pass in a variable of your own, perhaps something in the QueryString. Datagrid Girl