How to validate the origin of a URL in ASP.NET

Sometimes a user needs to go through one web page to access another one. We do not want him to access our site directly by copying the URL into the navigation bar or by keeping it in his browser history. If we are talking about the same website, the easy solution is to oblige the user to sign in, but if we are talking about two separate sites the problem we want to solve is this one: how do we transfer information from one site to another without asking the user to identify himself a second time? This solution might not be the optimal one, but it works very well.

    'Validate that the user has not typed the address inside the navigation bar
    If Request.ServerVariables("HTTP_REFERER") Is Nothing Then
        Response.Redirect("www.siteidentification")
    'Validate the origin of the URL and authorize the user session
    ElseIf Request.ServerVariables("HTTP_REFERER").Contains("www.jmsalazar.net") Then
        Session("user") = "userJMS"
        Response.Redirect("www.siteautorisé")
    Else
        'Any other origin is sent back to the identification site
        Response.Redirect("www.siteidentification")
    End If

The HTTP_REFERER entry in ServerVariables holds the address of the page the request came from, so we can check whether the visitor really comes from the address we are expecting. We must first validate that this variable is not empty, otherwise calling Contains on it throws a NullReferenceException.
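
An added example, not code from the original post: since Contains matches the expected host name anywhere in the Referer, and the header is whatever the client sends, this version parses it and compares the host exactly, which narrows the check without making it proof of origin. The names TrustedHost and IsTrustedReferer and the sample values are constructed for the illustration.

```vbnet
Imports System

Module RefererCheck
    ' Assumed trusted host, taken from the page's own example.
    Private Const TrustedHost As String = "www.jmsalazar.net"

    ' Hypothetical helper: True only when the Referer parses as an absolute
    ' http(s) URL whose host is exactly the trusted host.
    Public Function IsTrustedReferer(referer As String) As Boolean
        ' Covers the missing-header case without a NullReferenceException.
        If String.IsNullOrWhiteSpace(referer) Then Return False

        Dim parsed As Uri = Nothing
        If Not Uri.TryCreate(referer, UriKind.Absolute, parsed) Then Return False

        If parsed.Scheme <> Uri.UriSchemeHttp AndAlso
           parsed.Scheme <> Uri.UriSchemeHttps Then Return False

        ' Compare the host component only, never the whole string.
        Return String.Equals(parsed.Host, TrustedHost,
                             StringComparison.OrdinalIgnoreCase)
    End Function

    Sub Main()
        ' Constructed sample Referer values (example.org is a reserved domain).
        Dim samples As String() = {
            "https://www.jmsalazar.net/portal/home.aspx",
            "https://www.jmsalazar.net.example.org/",
            "https://example.org/page?ref=www.jmsalazar.net",
            "https://example.org/www.jmsalazar.net/",
            "www.jmsalazar.net",
            ""
        }

        ' Print the substring check beside the exact host comparison.
        For Each s As String In samples
            Console.WriteLine("{0,-48} Contains={1,-5} HostMatch={2}",
                              s, s.Contains(TrustedHost), IsTrustedReferer(s))
        Next
    End Sub
End Module
```

In the page's handler, the ElseIf condition would call IsTrustedReferer(Request.ServerVariables("HTTP_REFERER")) in place of the Contains test; the helper also handles the empty case.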
