Check if user went randomly to a page.

Discussion in 'ASP .Net' started by tshad, Jan 14, 2005.

  1. tshad

    tshad Guest

    What is the best way to check if a user got to one of my pages by just
    typing in the page in the URL line verses one of the pages from my site.

    I see this in lots of places. If I have a page that can be gotten to by
    pages "A", "B", "C" and "D" - this is fine. But any other way, I want it to
    send a message saying they are not authorized or to go directly to a logon
    page.

    I am using Forms Authentication.

    Thanks,

    Tom.
    tshad, Jan 14, 2005
    #1
    1. Advertising

  2. Forms Authentication is your best bet.
    It is easily configured in your web.config file.
    Here's more information:
    http://www.dotnetbips.com/displayarticle.aspx?id=9


    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://SteveOrr.net




    "tshad" <> wrote in message
    news:ujjQnOd%...
    > What is the best way to check if a user got to one of my pages by just
    > typing in the page in the URL line verses one of the pages from my site.
    >
    > I see this in lots of places. If I have a page that can be gotten to by
    > pages "A", "B", "C" and "D" - this is fine. But any other way, I want it
    > to send a message saying they are not authorized or to go directly to a
    > logon page.
    >
    > I am using Forms Authentication.
    >
    > Thanks,
    >
    > Tom.
    >
    Steve C. Orr [MVP, MCSD], Jan 14, 2005
    #2
    1. Advertising

  3. tshad

    tshad Guest

    "Steve C. Orr [MVP, MCSD]" <> wrote in message
    news:%23H7AD%23d%...
    > Forms Authentication is your best bet.
    > It is easily configured in your web.config file.
    > Here's more information:
    > http://www.dotnetbips.com/displayarticle.aspx?id=9


    That is how I have it set up now.

    What I am trying to prevent is someone doing something like bookmarking the
    page for later, logging onto another page then going directly to a page
    without going through the normal paths. He would be able to do this if he
    is already authenticated and the session (cookie) has not not timed out.

    Tom

    >
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://SteveOrr.net
    >
    >
    >
    >
    > "tshad" <> wrote in message
    > news:ujjQnOd%...
    >> What is the best way to check if a user got to one of my pages by just
    >> typing in the page in the URL line verses one of the pages from my site.
    >>
    >> I see this in lots of places. If I have a page that can be gotten to by
    >> pages "A", "B", "C" and "D" - this is fine. But any other way, I want it
    >> to send a message saying they are not authorized or to go directly to a
    >> logon page.
    >>
    >> I am using Forms Authentication.
    >>
    >> Thanks,
    >>
    >> Tom.
    >>

    >
    >
    tshad, Jan 14, 2005
    #3
  4. "tshad" <> wrote in
    news:ujjQnOd#:

    > What is the best way to check if a user got to one of my pages
    > by just typing in the page in the URL line verses one of the
    > pages from my site.
    >
    > I see this in lots of places. If I have a page that can be
    > gotten to by pages "A", "B", "C" and "D" - this is fine. But
    > any other way, I want it to send a message saying they are not
    > authorized or to go directly to a logon page.
    >
    > I am using Forms Authentication.


    Tom,

    Use Request.UrlReferrer to find out which page the user just came
    from.

    --
    Hope this helps.

    Chris.
    -------------
    C.R. Timmons Consulting, Inc.
    http://www.crtimmonsinc.com/
    Chris R. Timmons, Jan 14, 2005
    #4
  5. You could use a Session variable to keep track of which "step" the user is
    on.
    Then on each page make sure they're on the correct step and haven't jumped
    to a step they shouldn't be on. You can redirect them to the correct step.

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://SteveOrr.net


    "tshad" <> wrote in message
    news:ueJNlUe%...
    > "Steve C. Orr [MVP, MCSD]" <> wrote in message
    > news:%23H7AD%23d%...
    >> Forms Authentication is your best bet.
    >> It is easily configured in your web.config file.
    >> Here's more information:
    >> http://www.dotnetbips.com/displayarticle.aspx?id=9

    >
    > That is how I have it set up now.
    >
    > What I am trying to prevent is someone doing something like bookmarking
    > the page for later, logging onto another page then going directly to a
    > page without going through the normal paths. He would be able to do this
    > if he is already authenticated and the session (cookie) has not not timed
    > out.
    >
    > Tom
    >
    >>
    >>
    >> --
    >> I hope this helps,
    >> Steve C. Orr, MCSD, MVP
    >> http://SteveOrr.net
    >>
    >>
    >>
    >>
    >> "tshad" <> wrote in message
    >> news:ujjQnOd%...
    >>> What is the best way to check if a user got to one of my pages by just
    >>> typing in the page in the URL line verses one of the pages from my site.
    >>>
    >>> I see this in lots of places. If I have a page that can be gotten to by
    >>> pages "A", "B", "C" and "D" - this is fine. But any other way, I want
    >>> it to send a message saying they are not authorized or to go directly to
    >>> a logon page.
    >>>
    >>> I am using Forms Authentication.
    >>>
    >>> Thanks,
    >>>
    >>> Tom.
    >>>

    >>
    >>

    >
    >
    Steve C. Orr [MVP, MCSD], Jan 14, 2005
    #5
  6. UrlReferrer is not a required field. Most proxy servers and a lot of
    firewalls will strip that field out of the requests.

    "Chris R. Timmons" wrote:

    > "tshad" <> wrote in
    > news:ujjQnOd#:
    >
    > > What is the best way to check if a user got to one of my pages
    > > by just typing in the page in the URL line verses one of the
    > > pages from my site.
    > >
    > > I see this in lots of places. If I have a page that can be
    > > gotten to by pages "A", "B", "C" and "D" - this is fine. But
    > > any other way, I want it to send a message saying they are not
    > > authorized or to go directly to a logon page.
    > >
    > > I am using Forms Authentication.

    >
    > Tom,
    >
    > Use Request.UrlReferrer to find out which page the user just came
    > from.
    >
    > --
    > Hope this helps.
    >
    > Chris.
    > -------------
    > C.R. Timmons Consulting, Inc.
    > http://www.crtimmonsinc.com/
    >
    =?Utf-8?B?U2NvdHQgU2ltb25z?=, Jan 14, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Philipp

    What went wrong here?

    Philipp, Feb 6, 2005, in forum: VHDL
    Replies:
    3
    Views:
    452
    Mike Treseler
    Feb 6, 2005
  2. Kenny
    Replies:
    1
    Views:
    341
    Daniel M. Hendricks
    Dec 13, 2004
  3. darrel
    Replies:
    3
    Views:
    298
    darrel
    Jan 20, 2005
  4. venkat Murthy
    Replies:
    0
    Views:
    686
    venkat Murthy
    Apr 21, 2005
  5. Flarky
    Replies:
    3
    Views:
    78
Loading...

Share This Page