Usage of "Request.UrlReferrer"

Discussion in 'ASP .Net' started by Guest, Dec 25, 2003.

  1. Guest

    Guest Guest

    I've got \\root\folder\Page2.aspx that I want to controll
    access to, by establishing a rule that says "previous URL
    must be '\\root\folder\Page1.aspx' (which did password
    validation). The code snippet below does 1) allow valid
    Page_Load if referring URL was 'Page1', and 2) disallows
    Page_Load if the *initial* access attempt was PRIOR to
    any valid load of 'Page2'...
    <code>
    // In Page_Load...
    // check the prior URL and make sure our access
    // came from the correct first page.
    //
    bool bBadRef = false;
    System.Uri referrer = Request.UrlReferrer;
    if (referrer == null)
    bBadRef = true;
    else
    {
    string csRef = "NONE";
    string csRefPath = "NONE";
    try
    {
    csRef = referrer.AbsoluteUri;
    csRef = csRef.ToLower();
    csRefPath = csRef.Substring(csRef.IndexOf
    ("folder"));
    }
    catch (Exception refxc)
    {
    throw new Exception(csRef);
    }
    if (csRefPath != "folder/Page1.aspx")
    {
    bBadRef = true;
    }
    }
    if (bBadRef)
    {
    this.Response.Close();
    return;
    }
    </code>

    PROBLEM: If *after* I accomplish a valid access to Page2
    (i.e. via Page1), then browse to a completely different
    unrelated web page, I am then able to *directly* plug the
    Page2 URL into my browser Address field and validation
    does NOT fail! Could this be due to some kind of
    caching effect that I'm not taking into account?
    I'm rather new to aspx, so consider this a 'newbie'
    question! Thanks!
    Jim
     
    Guest, Dec 25, 2003
    #1
    1. Advertising

  2. Guest

    Hermit Dave Guest

    just use forms control and get the redir to login page on un authorised
    access....

    you might find the following links useful...

    How To: Create GenericPrincipal Objects with Forms Authentication (.NET
    Framework Security)
    Create and handle GenericPrincipal and FormsIdentity objects when using
    Forms authentication. (9 printed pages)
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetht04.asp
    Forms Authentication Provider (.NET Framework Developer's Guide)
    Forms authentication generally refers to a system in which unauthenticated
    requests are redirected to an HTML form, using HTTP client-side redirection.
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconthecookieauthenticationprovider.asp
    Simple Forms Authentication (.NET Framework Developer's Guide)
    This example presents the simplest possible implementation of ASP.NET forms
    authentication. It is intended to illustrate the basic fundamentals of how
    to create an ASP.NET application that uses forms authentication.
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconsimplecookieauthentication.asp
    Simple Forms Authentication (.NET Framework Developer's Guide)
    This example presents the simplest possible implementation of ASP.NET forms
    authentication. It is intended to illustrate the basic fundamentals of how
    to create an ASP.NET application that uses forms authentication.
    http://msdn.microsoft.com/netframew...uide/html/cpconsimplecookieauthentication.asp
    Simple Forms Authentication (.NET Framework Developer's Guide)
    This example presents the simplest possible implementation of ASP.NET forms
    authentication. It is intended to illustrate the basic fundamentals of how
    to create an ASP.NET application that uses forms authentication.
    http://msdn.microsoft.com/vcsharp/u...uide/html/cpconsimplecookieauthentication.asp
    Simple Forms Authentication (.NET Framework Developer's Guide)
    This example presents the simplest possible implementation of ASP.NET forms
    authentication. It is intended to illustrate the basic fundamentals of how
    to create an ASP.NET application that uses forms authentication.
    http://msdn.microsoft.com/webservic...uide/html/cpconsimplecookieauthentication.asp
    How To: Use Forms Authentication with SQL Server 2000 (.NET Framework
    Security)
    Implement Forms authentication against a SQL Server credential store. It
    also shows you how to store password digests in the database. (12 printed
    pages)
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT03.asp
    How To: Use Forms Authentication with Active Directory (.NET Framework
    Security)
    Implement Forms authentication against an Active Directory credential store.
    (11 printed pages)
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetht02.asp
    Forms Authentication Across Applications (.NET Framework Developer's Guide)
    ASP.NET supports forms authentication in a distributed environment, either
    across applications on a single server or in a Web farm.
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconformsauthenticationacrossapplications.asp

    Regards,

    HD

    <> wrote in message
    news:018f01c3ca7e$ceef1190$...
    > I've got \\root\folder\Page2.aspx that I want to controll
    > access to, by establishing a rule that says "previous URL
    > must be '\\root\folder\Page1.aspx' (which did password
    > validation). The code snippet below does 1) allow valid
    > Page_Load if referring URL was 'Page1', and 2) disallows
    > Page_Load if the *initial* access attempt was PRIOR to
    > any valid load of 'Page2'...
    > <code>
    > // In Page_Load...
    > // check the prior URL and make sure our access
    > // came from the correct first page.
    > //
    > bool bBadRef = false;
    > System.Uri referrer = Request.UrlReferrer;
    > if (referrer == null)
    > bBadRef = true;
    > else
    > {
    > string csRef = "NONE";
    > string csRefPath = "NONE";
    > try
    > {
    > csRef = referrer.AbsoluteUri;
    > csRef = csRef.ToLower();
    > csRefPath = csRef.Substring(csRef.IndexOf
    > ("folder"));
    > }
    > catch (Exception refxc)
    > {
    > throw new Exception(csRef);
    > }
    > if (csRefPath != "folder/Page1.aspx")
    > {
    > bBadRef = true;
    > }
    > }
    > if (bBadRef)
    > {
    > this.Response.Close();
    > return;
    > }
    > </code>
    >
    > PROBLEM: If *after* I accomplish a valid access to Page2
    > (i.e. via Page1), then browse to a completely different
    > unrelated web page, I am then able to *directly* plug the
    > Page2 URL into my browser Address field and validation
    > does NOT fail! Could this be due to some kind of
    > caching effect that I'm not taking into account?
    > I'm rather new to aspx, so consider this a 'newbie'
    > question! Thanks!
    > Jim
     
    Hermit Dave, Dec 25, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hector Bejarano

    Request.UrlReferrer is nothing

    Hector Bejarano, Jul 8, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    840
    Hector Bejarano
    Jul 8, 2003
  2. Harley

    problems with Request.UrlReferrer

    Harley, Aug 9, 2003, in forum: ASP .Net
    Replies:
    5
    Views:
    6,619
    John Saunders
    Aug 10, 2003
  3. Ivan Demkovitch

    Request.UrlReferrer is NULL ???

    Ivan Demkovitch, Jan 30, 2004, in forum: ASP .Net
    Replies:
    7
    Views:
    5,461
    Kevin Spencer
    Jan 30, 2004
  4. Oney
    Replies:
    3
    Views:
    4,148
  5. -=franz=-

    Request.UrlReferrer doesn't work

    -=franz=-, Sep 9, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    1,272
    Joerg Jooss
    Sep 9, 2004
Loading...

Share This Page