Guarantee request came from local server

I have a classic ASP page that makes an XMLHTTP request to my ASP.NET (C#) page, "doSomething.ashx". They are both hosted on the same server.

How can I guarantee that the request came from the local server, to stop malicious users visiting the doSomething.ashx page and making false requests?

Edit:

Stupid me, I forgot that I can pass the username + pw through, but will:

HttpContext.Current.Request.IsLocal 

work just as well? Or could it suffer from creative hackers?

+4
3 answers

In the HttpRequest object there is a property:

 context.Request.IsLocal 

This boolean is true if the request came from the same machine!

MSDN docs:

The IsLocal property returns true if the IP address of the sender of the request is 127.0.0.1 or if the IP address of the request matches the IP address of the server.

+7

You will need to add some token unique to this request / session. If it is simply authenticated, you can guarantee that it came from someone with details, but it can still be "faked" from this user.

You can either check all the “known” tokens with an expiration date, or use a session-based system and check its correctness in the request handler.

If only tokens are used, you will need to generate them on the server when sending the page that makes the request, and then check them when processing the request itself.

+2

Simple, you authenticate the request.

+1
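
One way to build the expiring token and the request authentication that the answers above describe. This is an added example, not code from the question or the answers. It assumes both pages share a secret key and that the calling page can compute the same HMAC; the names `RequestToken`, `Create` and `Validate` are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the answers): short-lived HMAC-signed tokens
// of the form "<unix-expiry>.<base64 signature>", keyed with a shared secret.
public static class RequestToken
{
    public static string Create(byte[] key, DateTimeOffset now, TimeSpan lifetime)
    {
        string expiry = now.Add(lifetime).ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture);
        return expiry + "." + Sign(key, expiry);
    }

    // True only if the signature matches and the expiry has not passed.
    public static bool Validate(byte[] key, string token, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2 || !long.TryParse(parts[0], NumberStyles.Integer,
                CultureInfo.InvariantCulture, out long expiry)) return false;
        if (!FixedTimeEquals(Sign(key, parts[0]), parts[1])) return false;
        return now.ToUnixTimeSeconds() <= expiry;
    }

    private static string Sign(byte[] key, string message)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(message)));
    }

    // Compare without an early exit so timing does not reveal how much matched.
    private static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key"); // constructed; load the real key from protected config
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string token = Create(key, now, TimeSpan.FromSeconds(30));
        Console.WriteLine(Validate(key, token, now));               // freshly issued token
        Console.WriteLine(Validate(key, token, now.AddMinutes(5))); // same token after expiry
        Console.WriteLine(Validate(key, "9999999999.AAAA", now));   // forged signature
    }
}
```

In the handler, `Validate` would run at the top of `ProcessRequest`, alongside the `Request.IsLocal` check, before any work is done. A token of this form can be replayed until it expires, so keep the lifetime short or track used tokens, as the second answer suggests.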

Source: https://habr.com/ru/post/1337133/

