Anwar Chandra
Reputation: 8638
How to make sure a POST is requested from specific domain?
Is there any property in HttpRequest that can make sure if the request is a POST request and it is coming from specific domain?
private bool IsRequestedFromDomain(string domain)
{
// Request.Form is from domain ?
return false;
}
Upvotes: 1
Views: 187
Answers (3)
nothrow
Reputation: 16168
HTTP Referer, but it can be modified.
Only way how to be sure is to send some , randomly generated value to form, store it to session, and in IsRequestedFromDomain compare it.
Upvotes: 1
Wim
Reputation: 12082
Use:
Request.UrlReferrer, though it isn't reliable as it can be easily faked and may be changed by proxies.
Upvotes: 0
Rubens Farias
Reputation: 57946
Try to use
Request.ServerVariables["HTTP_REFERER"]
Note this header can be faked.
For a list of server variables, please take a look: ASP ServerVariables Collection
Upvotes: 1
Related Questions
- How do you restrict requests so they only work if it is accessed by a specific domain
- Determine if a given url (from a string) is from my domain or not
- Web API - Detecting Client Domain
- How to block requests based on post data?
- How to determine if the request is coming from a particular windows domain
- HttpWebRequest check for allowed domain
- asp.net accepting form posts from another domain
- How to check a request is from local host with ASP.NET technic
- Check Domain via Code C#
- How to get the domain of the current request?