Home/ Questions/Q 7582197
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T18:22:40+00:00

I have an application that contains a button, on click of this button, it

  • 0

I have an application that contains a button, on click of this button, it will open a browser window using a URL with querystring parameters (the url of a page that i am coding).

Is there a way to ensure that the URL is coming from my application and only from my application – and not just anyone typing the URL manually in a webbrowser?

If not, what is the best way to ensure that a specific URL is coming from a specific application – and not just manually entered in the address bar or a web browser-

Im using asp.net.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can check if the request was made from one of the pages of your application using:

    Request.UrlReferrer.Contains("mywebsite.com")

    That’s the simple way.

    The secure way is to put a cookie on the client containing a value encrypted using a secure key or hashed using a secure salt. If the cookie is set to expire when the page is closed it should be impossible for someone to forge.

    Here’s an example:

    On the pages that would redirect to the page you are trying to protect:

      HttpCookie cookie = new HttpCookie("SecureCheck");
  //don't set the cookie's expiration so it's deleted when the browser is closed
  cookie.Value = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Session.SessionID, "SHA1");
  Response.Cookies.Add(cookie);

    On the page you are trying to protect:

      //check to see if the cookie is there and it has the correct value
  if (string.IsNullOrEmpty(Request.Cookies["SecureCheck"]) || System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Session.SessionID, "SHA1") != Request.Cookies["SecureCheck"])
    throw Exception("Invalid request. Please access this page only from the application.");
  //if we got this far the exception was not thrown and we are safe to continue
  //insert whatever code here
    • 0