Solved

ASP.NET - what was the previous page (referrer)?

Posted on 2004-04-08
4
438 Views
Last Modified: 2008-02-01
I have an ecommerce app in ASP.NET which goes off to a secure site to take credit card details. The secure site sends the user back to one of my pages if the details are entered successfully, and that page converts the shopping cart into a firm order.

I don't want anyone simply entering the URL of that page, as it would try to create the order without the user first having supplied card details. One way would be to detect whether the previous page was the secure site or not. It if it was, I proceed, if not, I redirect them to the checkout page or an error page.

Is this a good approach? How do I do it?
0
Comment
Question by:crescendo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
dfiala13 earned 500 total points
ID: 10782581
That's one way to do it. There are not a lot of great options when you send off your user to another site.

Does your payment vendor send you back any token in the redirect that indicates who the user was?

But back to your question...

Yes, you can check the Request.UrlReferrer value in your pageload and if you don't like the URL redirect to another page.

if Request.UrlReferrer <> "Https://blablah.com" then
       Response.Redirect = "another Url"
End if

Note this can be a bit of a trial and error approach if you look for an exact page in the URL.

The other option, is to add a session variable that indicates you sent the user of to the payment site.  Check for the presence of the variable when the page is accessed.  If not there, redirect as above.
0
 
LVL 7

Expert Comment

by:ScrptMasta
ID: 10785383
I'm with the above comments as it pertains to loading up a session variable. However this isn't going to work if there are 2 web sites involved as each different site will setup a new session. Session variables are private to the app and we have two apps here.

I would suggest having a hidden label on the form that comes up after the secure page sends the user back. Then send an the url referrer and if it matches what the hidden label equals then, yada,yada.....
0
 
LVL 9

Author Comment

by:crescendo
ID: 10785494
Hi

The remote site isn't under my control and just redirects back to a page I specify. I could include stuff in the URL, but I'm looking for ways to avoid the possibility of the user keying in or bookmarking the URL, so that wouldn't help too much.

The UrlReferrer code shown by difiala13 does the trick, so he gets the coconut. And I'm now thinking of ditching the external site and writing something myself!

Thanks

0
 
LVL 12

Expert Comment

by:dfiala13
ID: 10828045
BTW,
If you can dynamically have them include somthing in the return URL to your site, I'd create a unique token (GUID is easy) and have the pay site  include it in the return URL and store it in a session var on your site.  When the return call comes and you are happy with the referer check that the GUID supplied by the pay site matches the GUID in session.  You can kill the token after the first successful match or it will die when the session expires.

Dim g as Guid = new Guid()

Session("PayToken") = g

Send off to Pay site with intructions to return g in the URL.

if Request.UrlReferrer = "Https://blablah.com" then
    gRecd = CType(Request.QueryString("g"), Guid)
    gToken = CType(Session("PayToken"), Guid)
   if gRecd <> gToken then
        Response.Redirect = "another Url"
   End if
  Else
       Response.Redirect = "another Url"
End if
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question