Restrict Access to Aspx Page

  • Thread starter Thread starter Jacques Oberto
  • Start date Start date
J

Jacques Oberto

Hi All,

One of the aspx pages in my application is a run-time
image generator and is called using URL by other pages
in my app.
I would like to restrict direct acces to the image generator
page from external (different domains) applications/webusers.
How can I achieve that?
Thanks,

Jacques
 
One of the aspx pages in my application is a run-time
image generator and is called using URL by other pages
in my app.
I would like to restrict direct acces to the image generator
page from external (different domains) applications/webusers.
How can I achieve that?
Click to expand...

I think I found a solution by defining a Session variable in
the code behind of the authorized pages and checking that
variable in the restricted aspx page.
 
Hi All,

One of the aspx pages in my application is a run-time
image generator and is called using URL by other pages
in my app.
I would like to restrict direct acces to the image generator
page from external (different domains) applications/webusers.
How can I achieve that?
Thanks,

Jacques
Click to expand...

Check HttpRequest parameters as in the following code

if (context.Request.UrlReferrer == null
|| context.Request.UrlReferrer.Host.Length == 0
|| context.Request.UrlReferrer.Host.CompareTo
(context.Request.Url.Host.ToString()) == 0)
{

// show image

}
 
Check HttpRequest parameters as in the following code

if (context.Request.UrlReferrer == null
|| context.Request.UrlReferrer.Host.Length == 0
|| context.Request.UrlReferrer.Host.CompareTo
(context.Request.Url.Host.ToString()) == 0)
{

// show image

}


Thanks Alexey, very useful. That should also allow to define
a group of authorized external users.

Jacques
 
Check HttpRequest parameters as in the following code

if (context.Request.UrlReferrer == null
|| context.Request.UrlReferrer.Host.Length == 0
|| context.Request.UrlReferrer.Host.CompareTo
(context.Request.Url.Host.ToString()) == 0)
{

// show image

}

Thanks Alexey, very useful. That should also allow to define
a group of authorized external users.

Jacques
Click to expand...

Then you can simply add context.Request.UrlReferrer.Host.CompareTo
("domain.com") to check if requests comes from an authorized domain.
 
Hi All,

One of the aspx pages in my application is a run-time
image generator and is called using URL by other pages
in my app.
I would like to restrict direct acces to the image generator
page from external (different domains) applications/webusers.
How can I achieve that?
Thanks,

Jacques
Click to expand...

You can create groups, and just configure acces in your web.config.
http://support.microsoft.com/kb/815151
 
Back
Top