.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Authenticate users by Request.UrlReferrer

Posted By:      Posted Date: September 25, 2010    Points: 0   Category :ASP.Net

Hi All,

I am working on an app where users are only allowed access if they click through from certain URLs. I.e. I need to authenticate by using the referral url and I am using Request.UrlReferrer to achieve this.

I am guessing that the Request.UrlReferrer can be tampered with by malicious users to gain access...

Is there any way I can achieve the above scenario securely?

Look forward to your replies.


View Complete Post

More Related Resource Links

Security: Authenticate Users Across Organizations Using ADFS


Jack Couch looks at how to set up ADFS and when to use it; he then shows how to connect to an outside organization to offer single sign-on.

Jack Couch

MSDN Magazine December 2007

How to find incoming url of the page. ( alternative to Request.UrlReferrer)


 Request.UrlReferrer is not working. can any one  help me to find the previous page url ?

Request.UrlReferrer does not work in Internet Explorer

Hi , i have a problem in my asp application . Im trying to protect the path for my application using this code : Uri t = Request.UrlReferrer;             bool op = false;             if (t.ToString().StartsWith("https://rim-sistem.com") || (t.ToString().StartsWith("http://www.rim-sistem.com")))             {                 op = true;             }Uri t = Request.UrlReferrer;            bool op = false;            if (t.ToString().StartsWith("My web site"))            {                op = true;            }This code work with Firefox , Chrome , etc . But it doesnt work in Internet explorer , when ill delete this piece of code it work in Internet explorer but the application is not secure and can be viewed by anyone who will type the path in them broswer . Can someone tell me what it is the problem ? Thanks Martin

Authenticate users using email id instead of username in FBA



We have a web appliaction configured with FBA (sql and LDAP) and users are authenticated using their username. Now we have a requirement to authenticate users using email id instead of username. we have one solution also that requires to change entry in web.config file for membership provider but it doesn't suffice as it works only for newly added users and not existing ones and site is already in production environment with large user base. Any suggestions to meet this requirement?



Request Certificate programmatically on behalf users from an Entreprise CA

I'm programing an application that request a certificate from Microsoft Enterprise CA on behalf users. Actually, I can request a certificate (with Certenroll) by using a template. the application is hosted on IIS on the enterprise CA server. But the certificate I request belong to the computer account. My problem is that I don't know request a certificate for a specific user on AD. I have no idea how to map my certificate request to a user! Here is link that I've used to request a cert:


Thanks for help,

How Do I authenticate users from different domain of IIS?


I have the IIS webserver on Domain A.  I have many users on Domain B, C, D, E. 

I've set the NTFS security permission for each user and his/her domain to the webserver's security ntfs permission folder.  But it is still not authenticating.  So what do  I need to do to enable this feature?  I am using windows 2003 webserver.


Event id 55555 on Moss servers. Users getting problem to authenticate.


I am frequenty getting this Event id 55555 on Moss servers. Users getting problem to authenticate. Please help how to fix this event on my sharepoint farm.

Error description: Error occured while retrieving customer details from Webservice. Thread was being aborted.

Use Non-default Membership Provider to authenticate users



I have a sharepoint 2007 FBA site and in the web.config of this site I have 2 membership providers defined with the default provider as the first provider. However my FBA login form is authenticating only the default provider. How to make the login form authenticate the non-default provider also.

Thanks for any help.


MS SQL Server: Disconnect Users From Database - Kill User Session

If you ever wanted to restore your database from a SQL backup file (.bak), but there are still users connected to your database, the backup operation will fail causing the error: Exclusive access could not be obtained because the database is in use.

Enabling Users to Maintain SharePoint Content

When SharePoint is installed as a corporate intranet, there is a considerable amount of effort involved in maintaining the content to keep the site relevant. As we discussed in the first few parts of this series, SharePoint has many built-in features to reduce the burden on the site administrator.

Some areas of the site usually contain less-dynamic information. Internal memos and corporate policies are common examples of this information. One option for this information is to post these documents in a document library. Documents in a library are often stored in a few different formats: Word, Acrobat (PDF), or HTML. Each of these formats has its drawbacks.

Enabling Users to Maintain SharePoint Content

When SharePoint is installed as a corporate intranet, there is a considerable amount of effort involved in maintaining the content to keep the site relevant. As we discussed in the first few parts of this series, SharePoint has many built-in features to reduce the burden on the site administrator.



Dear gentlemen and ladies of the Microsoft Dynamic Data Team,

Mr. Steve Naughton says (and I hope so) that there might be chances that you read the posts published in this forum: I really hope so.

If that were the case then I am formally requesting to you in providing a "real answer" to my question:

I want to customize a dynamic data page (the details one) so I can have access to the data it has been already gathered from the end user UI (details.aspx) and use it to pass this same data to the following controls/pages that I am going to display next time to the end user.

For instance:

I have a screen with different types of data in it: texts, numbers, dates, check boxes, radio buttons and dropdownlists that has been filled with data by the end user. I want now to reset all fields exept the dropdownlist of which I'd like to keep the previously chosen values(the very same thing you do between dropdownlist of List.aspx ad Details.aspx). Even with FoxPro I could do that because data and controls were available there. It was as simple as setting carrying on to true.


I have found my

view state vs request parameters


If  the view state is the data entered into the form fields then they are supposed to be available in the request parameters or request body. Then why would we need view state for?


Unique ID throughout entire request



I am hoping somene here could advise me on a better solution to my present problem.  First a little background information on the application. 

I have a web application using the 3.5 framework.  The structure of this application is as follows: UI -> WebService   -> Business Layer -> DataAccess Layer.   What I want to accomplish is for every request (click on a link or button) have a unique identifer that follows this request through its entire lifecycle.  This unique identifer can be accessible anywhere within this request.  We use Response.Redirects which could easily be changed to Server.Transfers (although I do not want to do that) but  the problem lies with the web service calls.  Currently, a GUID is set in the ApplicationRequest.  This GUID checks for a guid value in the RawURL and if so, assigns this value to a HttpContext Item.  If not, HttpContext.Items gets a new one created.  However, this idea is wrong and will need to be revisisted.  The bigger problem is with the web service calls.  Without changing every web service method signature, and every call for that matter, is there a way of getting this GUID there.  I created a web method in every web service so that each time I instantiate a web service object in the UI, before calling any

Need help redirecting users to personalized page


 Hi, first timer here so be gentle.


I've been able to create a cool little website, it's up and running with users logging in and out, I created roles so my administrative team can see sensitive data that's not available to regular and anonymous users.

Now they would like me to create a page specific to each user.  For instance when user A logs in they are redirected to a page that has information that pertains to user A only (like a list of their benefits/ their remaining vacation time). This page needs to be accessible only to user A. 

I've watched a ton of the videos but have yet to see one that covers this topic, any help would be great!!!





System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be. 

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

Intranet Users Challenged When Using Windows Integrated Security


We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend