Usage of "Request.UrlReferrer"

Guest

I've got \\root\folder\Page2.aspx that I want to control
access to, by establishing a rule that says "previous URL
must be '\\root\folder\Page1.aspx'" (which did password
validation). The code snippet below does 1) allow valid
Page_Load if referring URL was 'Page1', and 2) disallows
Page_Load if the *initial* access attempt was PRIOR to
any valid load of 'Page2'...
<code>
// In Page_Load...
// check the prior URL and make sure our access
// came from the correct first page.
//
bool bBadRef = false;
System.Uri referrer = Request.UrlReferrer;
if (referrer == null)
    bBadRef = true;
else
{
    string csRef = "NONE";
    string csRefPath = "NONE";
    try
    {
        csRef = referrer.AbsoluteUri;
        csRef = csRef.ToLower();
        // Substring throws if "folder" is not found (IndexOf returns -1)
        csRefPath = csRef.Substring(csRef.IndexOf("folder"));
    }
    catch (Exception)
    {
        throw new Exception(csRef);
    }
    // csRef was lower-cased above, so compare against a lower-case path
    if (csRefPath != "folder/page1.aspx")
    {
        bBadRef = true;
    }
}
if (bBadRef)
{
    this.Response.Close();
    return;
}
</code>

PROBLEM: If *after* I accomplish a valid access to Page2
(i.e. via Page1), then browse to a completely different
unrelated web page, I am then able to *directly* plug the
Page2 URL into my browser Address field and validation
does NOT fail! Could this be due to some kind of
caching effect that I'm not taking into account?
I'm rather new to aspx, so consider this a 'newbie'
question! Thanks!
Jim
 
Just use forms control and get the redir to login page on unauthorised
access....

you might find the following links useful...

How To: Create GenericPrincipal Objects with Forms Authentication (.NET
Framework Security)
Create and handle GenericPrincipal and FormsIdentity objects when using
Forms authentication. (9 printed pages)
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetht04.asp
Forms Authentication Provider (.NET Framework Developer's Guide)
Forms authentication generally refers to a system in which unauthenticated
requests are redirected to an HTML form, using HTTP client-side redirection.
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconthecookieauthenticationprovider.asp
Simple Forms Authentication (.NET Framework Developer's Guide)
This example presents the simplest possible implementation of ASP.NET forms
authentication. It is intended to illustrate the basic fundamentals of how
to create an ASP.NET application that uses forms authentication.
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconsimplecookieauthentication.asp
Simple Forms Authentication (.NET Framework Developer's Guide)
This example presents the simplest possible implementation of ASP.NET forms
authentication. It is intended to illustrate the basic fundamentals of how
to create an ASP.NET application that uses forms authentication.
http://msdn.microsoft.com/netframew...uide/html/cpconsimplecookieauthentication.asp
Simple Forms Authentication (.NET Framework Developer's Guide)
This example presents the simplest possible implementation of ASP.NET forms
authentication. It is intended to illustrate the basic fundamentals of how
to create an ASP.NET application that uses forms authentication.
http://msdn.microsoft.com/vcsharp/u...uide/html/cpconsimplecookieauthentication.asp
Simple Forms Authentication (.NET Framework Developer's Guide)
This example presents the simplest possible implementation of ASP.NET forms
authentication. It is intended to illustrate the basic fundamentals of how
to create an ASP.NET application that uses forms authentication.
http://msdn.microsoft.com/webservic...uide/html/cpconsimplecookieauthentication.asp
How To: Use Forms Authentication with SQL Server 2000 (.NET Framework
Security)
Implement Forms authentication against a SQL Server credential store. It
also shows you how to store password digests in the database. (12 printed
pages)
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT03.asp
How To: Use Forms Authentication with Active Directory (.NET Framework
Security)
Implement Forms authentication against an Active Directory credential store.
(11 printed pages)
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetht02.asp
Forms Authentication Across Applications (.NET Framework Developer's Guide)
ASP.NET supports forms authentication in a distributed environment, either
across applications on a single server or in a Web farm.
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconformsauthenticationacrossapplications.asp

Regards,

HD
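
The forms authentication approach suggested in this reply, as an added example that is not code from the thread: access to Page2 is decided by the ticket cookie that Page1 issues after password validation, not by `Request.UrlReferrer`, which is a header the browser supplies and may omit. It assumes ASP.NET 2.0 or later and a configured membership provider; the control names are hypothetical.

```csharp
// Added example, not code from the thread. Control names are hypothetical.
// web.config at the application root (paths follow the thread's layout):
//   <system.web>
//     <authentication mode="Forms">
//       <forms loginUrl="~/folder/Page1.aspx" defaultUrl="~/folder/Page2.aspx" />
//     </authentication>
//   </system.web>
//   <location path="folder/Page2.aspx">
//     <system.web>
//       <authorization><deny users="?" /></authorization>
//     </system.web>
//   </location>

using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for Page1.aspx (the login page).
public class Page1 : Page
{
    protected TextBox txtUser, txtPassword;   // hypothetical controls
    protected Label lblError;                 // hypothetical control
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Assumption: a membership provider is configured; substitute Page1's own check.
        if (Membership.ValidateUser(txtUser.Text, txtPassword.Text))
        {
            // Issues the signed, encrypted ticket cookie, then redirects to the
            // ReturnUrl added when the request was bounced here (or to defaultUrl).
            FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false);
            return;
        }
        lblError.Text = "Invalid user name or password.";
    }
}

// Code-behind for Page2.aspx: no Referer check; the decision rests on the ticket.
public class Page2 : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Request.IsAuthenticated)   // second check in case the <location> rule is removed
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }
    }
}
```

With the `<location>` rule in place, an anonymous request typed directly into the address bar is redirected to Page1 before Page2's code runs, whatever page the browser visited last.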
 