Check if user went randomly to a page.

  • Thread starter Thread starter tshad
  • Start date Start date
T

tshad

What is the best way to check if a user got to one of my pages by just
typing in the page in the URL line verses one of the pages from my site.

I see this in lots of places. If I have a page that can be gotten to by
pages "A", "B", "C" and "D" - this is fine. But any other way, I want it to
send a message saying they are not authorized or to go directly to a logon
page.

I am using Forms Authentication.

Thanks,

Tom.
 
Steve C. Orr said:
Forms Authentication is your best bet.
It is easily configured in your web.config file.
Here's more information:
http://www.dotnetbips.com/displayarticle.aspx?id=9
Click to expand...

That is how I have it set up now.

What I am trying to prevent is someone doing something like bookmarking the
page for later, logging onto another page then going directly to a page
without going through the normal paths. He would be able to do this if he
is already authenticated and the session (cookie) has not not timed out.

Tom
 
What is the best way to check if a user got to one of my pages
by just typing in the page in the URL line verses one of the
pages from my site.

I see this in lots of places. If I have a page that can be
gotten to by pages "A", "B", "C" and "D" - this is fine. But
any other way, I want it to send a message saying they are not
authorized or to go directly to a logon page.

I am using Forms Authentication.
Click to expand...

Tom,

Use Request.UrlReferrer to find out which page the user just came
from.
 
You could use a Session variable to keep track of which "step" the user is
on.
Then on each page make sure they're on the correct step and haven't jumped
to a step they shouldn't be on. You can redirect them to the correct step.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net


tshad said:
Steve C. Orr said:
Forms Authentication is your best bet.
It is easily configured in your web.config file.
Here's more information:
http://www.dotnetbips.com/displayarticle.aspx?id=9
Click to expand...

That is how I have it set up now.

What I am trying to prevent is someone doing something like bookmarking
the page for later, logging onto another page then going directly to a
page without going through the normal paths. He would be able to do this
if he is already authenticated and the session (cookie) has not not timed
out.

Tom
Click to expand...
 
UrlReferrer is not a required field. Most proxy servers and a lot of
firewalls will strip that field out of the requests.
 
Back
Top