Reputation: 81
Restrict page access in IIS 6.0
I want to be able to restrict page access in a web application deployed in IIS 6.0.
Say my web applications has these pages:
a.aspx b.aspx c.aspx d.aspx
The proper way to access is "http://mysite/a.aspx"
From a.aspx the other aspx pages could be loaded. What I want to be prevent is someone typing in:
And then being served that page. Any ideas?
Thanks.
Upvotes: 1
Views: 493
Answers (3)
Reputation: 2709
You could set a variable in the page in question whose value will only be set when coming from the specific page and the first thing you check on the page in question is whether that value is set otherwise display some message or deny access.
Upvotes: 0
Reputation: 785
You could always store a session variable in a.aspx and check that variable in c.aspx and redirect back to a.aspx if it is not what you are looking for. To prevent a repeat the session variable could be destroyed in c.aspx. I am sure someone could spoof the session if they wanted to that badly but unless you have gold on that page no one is going to care, and if you have gold on that page you need different security measures anyway.
Upvotes: 0
Reputation: 854
You have a couple of options really. You could utilize some user authentication, this seems like it could be overkill for what you are attempting.
I think the easiest method if I have understood you correctly is only to allow viewing if the referring page is a.aspx So it would give a permission denied or some other message if your referring page is not a.aspx.
Upvotes: 1
Related Questions
- IIS - ignore/deny access to specific pages
- Restrict access to some .aspx pages
- Protect some pages from direct access in ASP.NET
- Sitecore restrict access to webpage
- Deny access to html page
- How do I restrict direct access to an ASP.NET web page?
- How to deny access to some pages in Asp.Net applications
- how to set roles to limit the access of pages in asp.net?
- asp.net mvc - limit access to web pages
- Asp.Net deny access on certain pages to users