How to authenticate http request on web server

Question

I have following scenario :-

1)User opens web page test1.aspx and click on some button on test1.aspx . After click , user is redirected to webpage callback.aspx .
2)callback.aspx performs some cross domain http request using javascript to another server (like to facebook server)
3)callback.aspx then sends collected data (from another server) to webpage test2.aspx(simple web form post) .

Now , my problem is how can I make sure collected data going to test2.aspx is coming only from callback.aspx and not anywhere else . I mean any hacker can send false data to test2.aspx by making post or get request .

callback.aspx is something like authentication script , if it says is user is authenticated , test2.aspx have to believe user is authenticated . Basically , I m authentication user using oauth-2.0 client side flow .

Answer 1

There are many to achieve such requirement. The one thay first comes to mind is encrypting the data that you are sending from callback.aspx to test2.aspx. If you are able to decrypt in the test2.aspx then you are sure that the data is good.

Answer 2

Performing HTTP requests from a web page - a task commonly referred to as "screen scraping" - involves server-side code issuing an HTTP request to some other Web site, retrieving the returned results, and processing these results in some manner. For example, screen scraping is oftentimes used to grab data from another site, such as scraping the HTML from a Yahoo! Finance page to grab the current stock price for a particular stock symbol. Performing simple HTTP requests in ASP.NET requires just a few lines of code, thanks to the WebClient class. This class, found in the System.Net namespace, provides a small number of properties and methods useful for making simple HTTP requests.

https://web.archive.org/web/20211020134945/https://www.4guysfromrolla.com/articles/102605-1.aspx