Alex

Reputation: 6159

Check if form was submitted from my website

I have a sign-in form on my website inside a page where users can search for stuff after signing in.

There is a third-party mobile application that is letting my users sign in by submitting the form on the signin.aspx page from my website.

My question is how can I tell if a form is being submitted from a third party and not from my website?

Upvotes: 0

Views: 194

Answers (2)

Alex Arnold

Reputation: 86

As Claudio stated, you cannot reliably use the "referer" value. The value can be spoofed. A safer approach would be to employ a CSRF token, or something akin to that.

For example, you could include the ASP.NET session ID in a hidden form element. Then, when the form is submitted, compare the value of the form element to the user's session ID. If they do not match, the form submission didn't come from your website.

Upvotes: 1

Claudio Redi

Reputation: 68440

You have the referer HTTP header, but unfortunately this is not 100% accurate and in some cases it could be changed in the middle of the request.

You could add an extra parameter to your local form. If the parameter is not present, then the post comes from a third-party site.

Upvotes: 0
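
The hidden-field check both answers describe, as an added C# example that is not code from either answer: instead of placing the raw session ID in the page, it renders an HMAC of it and compares in constant time on postback. `FormToken`, its key handling and the sample session IDs are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not an ASP.NET API): keeps the raw session ID out of the HTML.
public static class FormToken
{
    // Assumption: a server-side secret loaded from protected configuration.
    // Generated at start-up here only so the sample runs stand-alone.
    private static readonly byte[] Key = NewKey();
    private static byte[] NewKey()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        return key;
    }

    // Value to render into the hidden field when the sign-in page is served.
    public static string Issue(string sessionId)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(sessionId)));
    }

    // Called on postback with Session.SessionID and the posted field value.
    public static bool IsValid(string sessionId, string submitted)
    {
        if (string.IsNullOrEmpty(sessionId) || string.IsNullOrEmpty(submitted))
            return false;                            // field missing: reject
        byte[] expected = Encoding.ASCII.GetBytes(Issue(sessionId));
        byte[] actual = Encoding.ASCII.GetBytes(submitted);
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length; i++)    // constant-time compare
            diff |= expected[i] ^ actual[i % actual.Length];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        string session = "constructed-session-id-1";  // constructed sample value
        string token = FormToken.Issue(session);
        Console.WriteLine(FormToken.IsValid(session, token));                     // form served to this session
        Console.WriteLine(FormToken.IsValid("constructed-session-id-2", token));  // token from another session
        Console.WriteLine(FormToken.IsValid(session, null));                      // hidden field absent
    }
}
```

A client that first loads signin.aspx and keeps its session cookie receives a valid token as well, so this rejects blind cross-site posts rather than identifying which application sent the form.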
