uhu
Reputation: 1742
How can I prevent the direct call of an URL in an ASP.NET / IIS environment?
How can I achieve in an ASP.NET application, that a set of URLs/ASPX pages (parts of the application) cannot be called directly from the user in the Browser? These urls/pages may only be referenced in the application itself.
Upvotes: 3
Views: 342
Answers (1)
Oded
Reputation: 499002
You can't. If a user can get to a page, they will be able to call it directly. You can't control peoples browsers...
One option is to look at the "HTTP_REFERER" header and if it is empty or has an unexpected value redirect. This does mean that your application will have to set it.
Another one is to create a custom header ("X-my-app", for instance) and if it does not exist, redirect.
Upvotes: 4
Related Questions
- How block specific page URL in IIS?
- Avoid user enter an invalid asp.net url
- How to prevent user from direct url entering
- How to run an url behind the scenes without displaying it in browser?
- How to ensure a url is called from my application and not manually from browser
- Stop Direct Page Calls to Ajax Pages
- Asp.net prevent Direct url usage
- Block direct access to url and allowing access by system only
- Prevent Normal Request to .ASPX pages When Implemeting URL Routing
- Webrequest Disallow AutoRedirect