I am developing an application in which I display products in a grid. There is a column in the grid with a disable / enable icon, and when this icon is clicked I run a request through AJAX to my page manageProduct.aspx to enable / disable that particular product.
In my AJAX request, I pass productID as a parameter, so the final AJAX request is equal to
http:
Now, if someone (a professional hacker or web developer) can get this URL (which is easy to get from my JavaScript files), he can make a script that will work like a loop and disable all my products.
So, I want to know whether there is some kind of mechanism, technique or method by which, if someone tries to execute this page directly, it will return an error (a corresponding message such as "You are not authorized" or something else); otherwise, if the page is executed from the desired page, for example, when I show the list of products, it will work fine.
Mostly I want to protect my AJAX requests, so no one can execute them directly.
In PHP:
In PHP, my colleague protects these PHP pages by checking the page number, as below:
    // Referer header sent by the browser; empty when it is absent
    $back_link = $_SERVER['HTTP_REFERER'] ?? '';
    if ($back_link == '')
    {
        echo 'You are not authorized to execute this page';
    }
    else
    {
        // the request is processed here
    }
Please tell me how to do the same, or any other but safe method, in ASP.NET (C#). I use jQuery in my application to create AJAX requests.
Thanks
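Added example, not part of the original post: the Referer header is chosen by the client, so this C# sketch decides on the server from the login session, the user's permission and a per-session token that the grid page sends back with each jQuery request. The names AjaxGuard, NewToken and Check are hypothetical, and wiring the inputs to ASP.NET's session and identity objects is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: AjaxGuard, NewToken and Check are hypothetical names.
public static class AjaxGuard
{
    // Random per-session token: keep it in the server-side session and
    // render it into the product grid page so jQuery can send it back.
    public static string NewToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Returns the HTTP status manageProduct.aspx should answer with.
    // Nothing here reads the Referer header, because the client sets it.
    public static int Check(bool authenticated, bool mayManageProducts,
                            string httpMethod, string sessionToken, string sentToken)
    {
        if (!authenticated) return 401;            // no login session
        if (!mayManageProducts) return 403;        // logged in, lacks the permission
        if (httpMethod != "POST") return 405;      // state changes never via GET
        if (!SameToken(sessionToken, sentToken)) return 403; // token missing or wrong
        return 200;
    }

    // Comparison whose timing does not depend on where the strings differ.
    static bool SameToken(string expected, string actual)
    {
        if (string.IsNullOrEmpty(expected) || actual == null) return false;
        byte[] a = Encoding.UTF8.GetBytes(expected), b = Encoding.UTF8.GetBytes(actual);
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        string token = NewToken();   // constructed sample session state
        Console.WriteLine(Check(false, false, "GET", token, null));    // scripted direct hit, no login
        Console.WriteLine(Check(true, false, "POST", token, token));   // ordinary user without permission
        Console.WriteLine(Check(true, true, "POST", token, "guess"));  // request not built by the grid page
        Console.WriteLine(Check(true, true, "POST", token, token));    // request from the grid page
    }
}
```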