Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I prevent the direct call of an URL in an ASP.NET / IIS environment?

Tags:

.net

asp.net

iis

How can I achieve in an ASP.NET application, that a set of URLs/ASPX pages (parts of the application) cannot be called directly from the user in the Browser? These urls/pages may only be referenced in the application itself.

like image 697
uhu Avatar asked Dec 31 '25 22:12

uhu

1 Answers

You can't. If a user can get to a page, they will be able to call it directly. You can't control peoples browsers...

One option is to look at the "HTTP_REFERER" header and if it is empty or has an unexpected value redirect. This does mean that your application will have to set it.

Another one is to create a custom header ("X-my-app", for instance) and if it does not exist, redirect.

like image 97
Oded Avatar answered Jan 03 '26 14:01

Oded
Sign in to Comment

Related questions

How to avoid setting field values directly so to always trigger a setter, and PropertyChanged notifications
Private key encryption in .NET 4.0 of a very large number
Quickstart on Windows 8 tablet
Utility and good practice of the Dispatcher
ContentPlaceHolderID added as prefix to my form fields

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!