G
Guest
Hi,
We have an aspx page designed in VS.NET 2003. Our requirement is that a client (another application), sends HEAD requests to our application with Basic Auth header. Based on security criteria, we need to "tell" the other application whether the user is allowed to use that page or not. Another criteria is that if a specific user comes to this page then the entire content of that page should be displayed to him / her.
The calling application understands standard HTTP protocols. We just need to tailor our application to suit the same.
The query is what headers should be sent to the calling application to signify that a user can access a page, alternatively what headers should be sent to the calling application to signify that a user CANNOT access a page?
I think we have to send HTTP Status code as 200 for allowing access and HTTP Status code 401.2 to deny access. The issue is how to send just the headers from ASP.NET? Is it ok if we just do
Response.clearContent(),
set the appropriate status code and
then say response.end()?
From my reading, I have found that when a HEAD request comes to an application, the application should respond with header information only and no body content should be sent. How to do this in ASP.NET page which is supposed to do both, i.e. display data in certain conditions and send only header info in case of head requests????
Please let me know if the status codes that I am trying to use are ok or not.me know.
Thanks in advance.
We have an aspx page designed in VS.NET 2003. Our requirement is that a client (another application), sends HEAD requests to our application with Basic Auth header. Based on security criteria, we need to "tell" the other application whether the user is allowed to use that page or not. Another criteria is that if a specific user comes to this page then the entire content of that page should be displayed to him / her.
The calling application understands standard HTTP protocols. We just need to tailor our application to suit the same.
The query is what headers should be sent to the calling application to signify that a user can access a page, alternatively what headers should be sent to the calling application to signify that a user CANNOT access a page?
I think we have to send HTTP Status code as 200 for allowing access and HTTP Status code 401.2 to deny access. The issue is how to send just the headers from ASP.NET? Is it ok if we just do
Response.clearContent(),
set the appropriate status code and
then say response.end()?
From my reading, I have found that when a HEAD request comes to an application, the application should respond with header information only and no body content should be sent. How to do this in ASP.NET page which is supposed to do both, i.e. display data in certain conditions and send only header info in case of head requests????
Please let me know if the status codes that I am trying to use are ok or not.me know.
Thanks in advance.