Hi Everybody,
I have problem regarding security of the page. I want that the every asp.net
web page is accessed via application. If a user directly access the page via
writing the address of the page in the address bar. Then It should be
blocked to access the page.
I have two options in my mind.
1. Using Query String Parameters
2. Using Session Object
But I got the following problem with these techniques.
WIth Query String the problem is that if the user access the page via
application then the query string parameters are shown in the address bar so
there he can used these parameters in the direct access, which i did not
want.
With Session Object, If the user login from the application then its session
is created. so now he can write the direct address in the address bar to
access the page directly which i dont want.
Actully My application is frames base application.
There are threee frames vertically
1) Header
2) Body ( Body Portion contains the two horizontal frames )
2.1) Menu
2.2) Content
3) Footer
In the menu area user selects the menu and against that menu the page is
loaded in the content portion.
So please help me how can i block user to access the page directly.
Regards,
Muhammad Jamil NawazThe Request object will have an HttpRequest.UrlReferrer Property. If this
property does not have a value then it means that the user has typed the
URI. This is not a foolproff method though but can still keep the average
user.
Regards,
Trevor Benedict R
MCSD
"Muhammad Jamil Nawaz" <jamfiza12@.hotmail.com> wrote in message
news:%23$JElX80FHA.2752@.TK2MSFTNGP12.phx.gbl...
> Hi Everybody,
> I have problem regarding security of the page. I want that the every
> asp.net
> web page is accessed via application. If a user directly access the page
> via
> writing the address of the page in the address bar. Then It should be
> blocked to access the page.
> I have two options in my mind.
> 1. Using Query String Parameters
> 2. Using Session Object
> But I got the following problem with these techniques.
> WIth Query String the problem is that if the user access the page via
> application then the query string parameters are shown in the address bar
> so
> there he can used these parameters in the direct access, which i did not
> want.
> With Session Object, If the user login from the application then its
> session
> is created. so now he can write the direct address in the address bar to
> access the page directly which i dont want.
> Actully My application is frames base application.
> There are threee frames vertically
> 1) Header
> 2) Body ( Body Portion contains the two horizontal frames )
> 2.1) Menu
> 2.2) Content
> 3) Footer
> In the menu area user selects the menu and against that menu the page is
> loaded in the content portion.
> So please help me how can i block user to access the page directly.
> Regards,
> Muhammad Jamil Nawaz
>
Use Session.
Use the sessionstate as "auto" mode (not cookieless = false) to also
take care of scenarios where cookies may be disabled (a large section
of corporates disable cookies).
Cheers,
Gaurav Vaish
http://mastergaurav.org
--
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment