Home/ Questions/Q 422743
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T19:06:41+00:00

Is there a reliable way to determine where a user is coming from in

  • 0

Is there a reliable way to determine where a user is coming from in an ASP.NET application? We have a web application that is linked to from two different locations. The two links are on separate domains, and they need to dictate certain user permissions within this app. Here’s what I have tried so far…

  • Using Request.UrlReferrer (which is the Referer HTTP header). This always returned an empty string. I believe this is because the hyperlinks use Javascript to launch a popup window. Based on my research, the user agent provides this HTTP header on standard hyperlinks. Javascript popups are a different story (evidently).

  • A simple query string to indicate the referrer. This is not really an option because we need something that is not so easy to bypass (more secure).

Any ideas? I understand that in the grand scheme of things, this could have a better overall design/structure. Please don’t post an answer suggesting I re-design everything, because that is not an option.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There’s no a reliable way to tell where an user is coming from and this is not only an ASP.NET limitation, but all web applications in general. The url referrer can be easily spoofed so it is not reliable. I think the best option could be some encrypted url parameter, or cookie if you prefer.

    So both pages should agree on common private keys.

    1. Page1 will use the key to encrypt its address and pass it to Page2
    2. Page2 will check for the presence of this parameter and try to decrypt it with the same private key used to encrypt
    3. If this succeeds it means that Page2 will be capable to determine who called it, if not, the data has been tampered
    • 0