Solved

ASP.NET - what was the previous page (referrer)?

Posted on 2004-04-08
4
437 Views
Last Modified: 2008-02-01
I have an ecommerce app in ASP.NET which goes off to a secure site to take credit card details. The secure site sends the user back to one of my pages if the details are entered successfully, and that page converts the shopping cart into a firm order.

I don't want anyone simply entering the URL of that page, as it would try to create the order without the user first having supplied card details. One way would be to detect whether the previous page was the secure site or not. It if it was, I proceed, if not, I redirect them to the checkout page or an error page.

Is this a good approach? How do I do it?
0
Comment
Question by:crescendo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
dfiala13 earned 500 total points
ID: 10782581
That's one way to do it. There are not a lot of great options when you send off your user to another site.

Does your payment vendor send you back any token in the redirect that indicates who the user was?

But back to your question...

Yes, you can check the Request.UrlReferrer value in your pageload and if you don't like the URL redirect to another page.

if Request.UrlReferrer <> "Https://blablah.com" then
       Response.Redirect = "another Url"
End if

Note this can be a bit of a trial and error approach if you look for an exact page in the URL.

The other option, is to add a session variable that indicates you sent the user of to the payment site.  Check for the presence of the variable when the page is accessed.  If not there, redirect as above.
0
 
LVL 7

Expert Comment

by:ScrptMasta
ID: 10785383
I'm with the above comments as it pertains to loading up a session variable. However this isn't going to work if there are 2 web sites involved as each different site will setup a new session. Session variables are private to the app and we have two apps here.

I would suggest having a hidden label on the form that comes up after the secure page sends the user back. Then send an the url referrer and if it matches what the hidden label equals then, yada,yada.....
0
 
LVL 9

Author Comment

by:crescendo
ID: 10785494
Hi

The remote site isn't under my control and just redirects back to a page I specify. I could include stuff in the URL, but I'm looking for ways to avoid the possibility of the user keying in or bookmarking the URL, so that wouldn't help too much.

The UrlReferrer code shown by difiala13 does the trick, so he gets the coconut. And I'm now thinking of ditching the external site and writing something myself!

Thanks

0
 
LVL 12

Expert Comment

by:dfiala13
ID: 10828045
BTW,
If you can dynamically have them include somthing in the return URL to your site, I'd create a unique token (GUID is easy) and have the pay site  include it in the return URL and store it in a session var on your site.  When the return call comes and you are happy with the referer check that the GUID supplied by the pay site matches the GUID in session.  You can kill the token after the first successful match or it will die when the session expires.

Dim g as Guid = new Guid()

Session("PayToken") = g

Send off to Pay site with intructions to return g in the URL.

if Request.UrlReferrer = "Https://blablah.com" then
    gRecd = CType(Request.QueryString("g"), Guid)
    gToken = CType(Session("PayToken"), Guid)
   if gRecd <> gToken then
        Response.Redirect = "another Url"
   End if
  Else
       Response.Redirect = "another Url"
End if
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question