Page Security

Discussion in 'ASP .Net' started by Z D, Mar 1, 2004.

  1. Z D

    Z D Guest

    Hello,

    I'm trying to create an ASP.NET page that ONLY allows access if its
    linked-to from another specific server. I know the IP address of this
    server.

    I was wondering how I'd go about setting this up in a secure way?

    I considered using HTTP_REFERER but I found that its easy to spoof this and
    its not very reliable.

    What other options do I have? I'd like to avoid passing something in the
    querystring because it's just too easy for someone to try and hack it. It
    seems, however, that the querystring would be my only option. Does anybody
    know of a mechanism that I can use to encrypt the querystring in a
    time-dependent manner (so that the user cant copy the querystring and use it
    the next day / give it to someone else).

    Any suggestions?

    thanks!
    Z D, Mar 1, 2004
    #1
    1. Advertising

  2. Do you just want this one page to be restricted or the entire site. If you
    want to protect the entire site, I think that you can configure IIS to
    restrict access to specific IP addresses.

    "Z D" <> wrote in message
    news:O4qPvI0$...
    > Hello,
    >
    > I'm trying to create an ASP.NET page that ONLY allows access if its
    > linked-to from another specific server. I know the IP address of this
    > server.
    >
    > I was wondering how I'd go about setting this up in a secure way?
    >
    > I considered using HTTP_REFERER but I found that its easy to spoof this

    and
    > its not very reliable.
    >
    > What other options do I have? I'd like to avoid passing something in the
    > querystring because it's just too easy for someone to try and hack it. It
    > seems, however, that the querystring would be my only option. Does

    anybody
    > know of a mechanism that I can use to encrypt the querystring in a
    > time-dependent manner (so that the user cant copy the querystring and use

    it
    > the next day / give it to someone else).
    >
    > Any suggestions?
    >
    > thanks!
    >
    >
    Peter Rilling, Mar 1, 2004
    #2
    1. Advertising

  3. I think using IIS to restrict the IP address is only for the CLIENTS
    accessing the website (ie the person with the browser).

    I'm trying to let any client access the server ONLY if they've been
    redirected from a specific site.



    "Peter Rilling" <> wrote in message
    news:uaIYmT1$...
    > Do you just want this one page to be restricted or the entire site. If

    you
    > want to protect the entire site, I think that you can configure IIS to
    > restrict access to specific IP addresses.
    >
    > "Z D" <> wrote in message
    > news:O4qPvI0$...
    > > Hello,
    > >
    > > I'm trying to create an ASP.NET page that ONLY allows access if its
    > > linked-to from another specific server. I know the IP address of this
    > > server.
    > >
    > > I was wondering how I'd go about setting this up in a secure way?
    > >
    > > I considered using HTTP_REFERER but I found that its easy to spoof this

    > and
    > > its not very reliable.
    > >
    > > What other options do I have? I'd like to avoid passing something in the
    > > querystring because it's just too easy for someone to try and hack it.

    It
    > > seems, however, that the querystring would be my only option. Does

    > anybody
    > > know of a mechanism that I can use to encrypt the querystring in a
    > > time-dependent manner (so that the user cant copy the querystring and

    use
    > it
    > > the next day / give it to someone else).
    > >
    > > Any suggestions?
    > >
    > > thanks!
    > >
    > >

    >
    >
    Mellow Yellow, Mar 2, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    339
    John C. Bollinger
    Aug 4, 2003
  2. Marco
    Replies:
    1
    Views:
    2,398
    Roedy Green
    Jan 28, 2006
  3. Akram Baig
    Replies:
    0
    Views:
    319
    Akram Baig
    Apr 7, 2011
  4. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    127
    Dinis Cruz
    Oct 11, 2003
  5. Michael Randrup
    Replies:
    3
    Views:
    284
    Henning Krause [MVP]
    Mar 27, 2006
Loading...

Share This Page