How can I prevent a direct url call in an ASP.NET/IIS environment?

Question

How can I prevent a direct url call in an ASP.NET/IIS environment?

How can I achieve in an ASP.NET application that the set of URLs / ASPX pages (parts of the application) cannot be called directly from the user in the browser? These URLs can only be specified in the application itself.

+3

.net asp.net iis

uhu Aug 2 '10 at 8:55

source share

1 answer

Oded · Answer 1 · 2010-08-02T08:56:38+0000

You can not. If the user can go to the page, he can call it directly. You cannot control people's browsers ...

One option is to look at the HTTP_REFERER header if it is empty or has a redirect of unexpected value. This means that your application will need to install it.

(, "X-my-app" ), , .

How can I prevent a direct url call in an ASP.NET/IIS environment?

More articles: