Sending only HTTP header information to clients

G

Guest

Hi,

We have an aspx page designed in VS.NET 2003. Our requirement is that a client (another application), sends HEAD requests to our application with Basic Auth header. Based on security criteria, we need to "tell" the other application whether the user is allowed to use that page or not. Another criteria is that if a specific user comes to this page then the entire content of that page should be displayed to him / her.

The calling application understands standard HTTP protocols. We just need to tailor our application to suit the same.

The query is what headers should be sent to the calling application to signify that a user can access a page, alternatively what headers should be sent to the calling application to signify that a user CANNOT access a page?

I think we have to send HTTP Status code as 200 for allowing access and HTTP Status code 401.2 to deny access. The issue is how to send just the headers from ASP.NET? Is it ok if we just do
Response.clearContent(),
set the appropriate status code and
then say response.end()?

From my reading, I have found that when a HEAD request comes to an application, the application should respond with header information only and no body content should be sent. How to do this in ASP.NET page which is supposed to do both, i.e. display data in certain conditions and send only header info in case of head requests????

Please let me know if the status codes that I am trying to use are ok or not.me know.

Thanks in advance.
 
J

Joerg Jooss

Dhwanil said:
Hi,

We have an aspx page designed in VS.NET 2003. Our requirement is that
a client (another application), sends HEAD requests to our
application with Basic Auth header. Based on security criteria, we
need to "tell" the other application whether the user is allowed to
use that page or not. Another criteria is that if a specific user
comes to this page then the entire content of that page should be
displayed to him / her.

The calling application understands standard HTTP protocols. We just
need to tailor our application to suit the same.

The query is what headers should be sent to the calling application
to signify that a user can access a page, alternatively what headers
should be sent to the calling application to signify that a user
CANNOT access a page?

I think we have to send HTTP Status code as 200 for allowing access
and HTTP Status code 401.2 to deny access. The issue is how to send
just the headers from ASP.NET? Is it ok if we just do
Response.clearContent(),
set the appropriate status code and
then say response.end()?

From my reading, I have found that when a HEAD request comes to an
application, the application should respond with header information
only and no body content should be sent. How to do this in ASP.NET
page which is supposed to do both, i.e. display data in certain
conditions and send only header info in case of head requests????

Please let me know if the status codes that I am trying to use are ok
or not.me know.

I don't think you need to do anything. HEAD requests are handled by IIS.
Thus, if you're ASP.NET page works for GET/POST requests, it should work for
HEAD requests as well.

Cheers,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,905
Latest member
Kristy_Poole

Latest Threads

Top