G
Guest
I've got \\root\folder\Page2.aspx that I want to controll
access to, by establishing a rule that says "previous URL
must be '\\root\folder\Page1.aspx' (which did password
validation). The code snippet below does 1) allow valid
Page_Load if referring URL was 'Page1', and 2) disallows
Page_Load if the *initial* access attempt was PRIOR to
any valid load of 'Page2'...
<code>
// In Page_Load...
// check the prior URL and make sure our access
// came from the correct first page.
//
bool bBadRef = false;
System.Uri referrer = Request.UrlReferrer;
if (referrer == null)
bBadRef = true;
else
{
string csRef = "NONE";
string csRefPath = "NONE";
try
{
csRef = referrer.AbsoluteUri;
csRef = csRef.ToLower();
csRefPath = csRef.Substring(csRef.IndexOf
("folder"));
}
catch (Exception refxc)
{
throw new Exception(csRef);
}
if (csRefPath != "folder/Page1.aspx")
{
bBadRef = true;
}
}
if (bBadRef)
{
this.Response.Close();
return;
}
</code>
PROBLEM: If *after* I accomplish a valid access to Page2
(i.e. via Page1), then browse to a completely different
unrelated web page, I am then able to *directly* plug the
Page2 URL into my browser Address field and validation
does NOT fail! Could this be due to some kind of
caching effect that I'm not taking into account?
I'm rather new to aspx, so consider this a 'newbie'
question! Thanks!
Jim
access to, by establishing a rule that says "previous URL
must be '\\root\folder\Page1.aspx' (which did password
validation). The code snippet below does 1) allow valid
Page_Load if referring URL was 'Page1', and 2) disallows
Page_Load if the *initial* access attempt was PRIOR to
any valid load of 'Page2'...
<code>
// In Page_Load...
// check the prior URL and make sure our access
// came from the correct first page.
//
bool bBadRef = false;
System.Uri referrer = Request.UrlReferrer;
if (referrer == null)
bBadRef = true;
else
{
string csRef = "NONE";
string csRefPath = "NONE";
try
{
csRef = referrer.AbsoluteUri;
csRef = csRef.ToLower();
csRefPath = csRef.Substring(csRef.IndexOf
("folder"));
}
catch (Exception refxc)
{
throw new Exception(csRef);
}
if (csRefPath != "folder/Page1.aspx")
{
bBadRef = true;
}
}
if (bBadRef)
{
this.Response.Close();
return;
}
</code>
PROBLEM: If *after* I accomplish a valid access to Page2
(i.e. via Page1), then browse to a completely different
unrelated web page, I am then able to *directly* plug the
Page2 URL into my browser Address field and validation
does NOT fail! Could this be due to some kind of
caching effect that I'm not taking into account?
I'm rather new to aspx, so consider this a 'newbie'
question! Thanks!
Jim