Page Security

[Z D]

Hello,

I'm trying to create an ASP.NET page that ONLY allows access if its
linked-to from another specific server. I know the IP address of this
server.

I was wondering how I'd go about setting this up in a secure way?

I considered using HTTP_REFERER but I found that its easy to spoof this and
its not very reliable.

What other options do I have? I'd like to avoid passing something in the
querystring because it's just too easy for someone to try and hack it. It
seems, however, that the querystring would be my only option. Does anybody
know of a mechanism that I can use to encrypt the querystring in a
time-dependent manner (so that the user cant copy the querystring and use it
the next day / give it to someone else).

Any suggestions?

thanks!

 

[Peter Rilling]

Do you just want this one page to be restricted or the entire site. If you
want to protect the entire site, I think that you can configure IIS to
restrict access to specific IP addresses.

 

[Mellow Yellow]

I think using IIS to restrict the IP address is only for the CLIENTS
accessing the website (ie the person with the browser).

I'm trying to let any client access the server ONLY if they've been
redirected from a specific site.