Hello Cem,
is it possible to configure Page referer in login.aspx page so that login.aspx can be only reached from the specific page and don`t via url only...??
for example I have FileVista on the link http://ip_address/filevista/login.aspx and I will configure it so this link is ONLY accessible from one link which is for example on this page http://ip_address/test.aspx...
I know this was possible in the classic asp.... Any suggestion how this could be done in .net without to compromise the security ?
Thank You
Amel
Amel
6/17/2010 1:48 PM
I have not tested it yet, but here is the example I will show You:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Request.UrlReferrer.ToString <> "http://www.google.com"; Then
'Redirect to a webpage
ElseIf Request.UrlReferrer.ToString = "http://www.google.com"; Then
'Allow page to be viewed
End If
End Sub
but I am not sure if this will work in FileVista as I don`t have the full source code ...
Amel
Amel
6/17/2010 2:05 PM
Using the page referer is not secure as it's very easy to change it on the client.
I recommend you to examine the already existing feature which is more secure:
Pass-through login
Cem Alacayir
7/6/2010 2:06 PM
Ok, I understand, I`ll test Your suggestion ........
thank You very much Cem !!
Amel
7/8/2010 1:25 AM