Avatar of jaysch
jayschFlag for United States of America

asked on 

Need to add re-direct code to .aspx page

Dear Experts,

My company uses an application which we don’t' have the .Net project files (source code) for. I need to make a tweak to the login page (login.aspx) which requires that the HTTP_REFERRER be from a particular URL. Is there a way I can add code that would accomplish this? I'd like to re-direct any user who doesn’t come to the login page via a particular URL.

Thanks!
ASP.NET

Avatar of undefined
Last Comment
NauticalNonsense
Avatar of NauticalNonsense
NauticalNonsense
Flag of United States of America image

Can you create a login page that does something similar to this (forgive the pseudo code)

1.) rename Login.aspx (existing) to User.aspx

Create Login.aspx

Codebehind

Page Load
if (Request.ServerVariables["HTTP_REFERER"].ToSTring() <> "whatever"
{
// redirect to dead page
}
else
{
Server.Transfer("User.aspx");
}

Granted, if someone went to User.aspx, there's no check, but you don't have the source code to Login.aspx.

The other thing that you could do is create a new login page in the application. Edit the web.config file and turn the tracing on.... after you log in, see what session variables it's setting (if it does it session based), and mimick them on your own login page. If it's forms authentication, then you can just do your own forms auth, and the app should behave as normal.

Just some thoughts...
Avatar of jaysch
jaysch
Flag of United States of America image

ASKER

NauticalNonsense,

Thanks for the info. Since I don't have access to the application files, I was hopeing I could do something in html in login.aspx like:
<%
if (Request.ServerVariables("HTTP_REFERER").ToSTring() <> "whatever" Then
Response.Redirect("dead.aspx")
else
Response.Redirect("login.aspx")
%>

Sorry, I'm a vb guy. What do you think?


Yep... what you have there is basically exactly the same thing I have. Should work like a charm.

Realize, that your Login page can be accessed directly without going through your transfer page. That's unfortunately the nature of not having the source files.

If you do a Server.Transfer, the page will not reload, but look like your source page. So for example, say your transfer page is Default.aspx where you are checking the referer. If you do a Server.Transfer, the address bar should remain as Default.aspx. If you do a resp.redir, it'll show the Login.aspx page.
Avatar of jaysch
jaysch
Flag of United States of America image

ASKER

NauticalNonsense,

OK, there is one thing I don't understand. If I add the following code:

<%
if (Request.ServerVariables("HTTP_REFERER").ToSTring() <> "MyLogin.aspx" Then
Server.Transfer("NoAccess.aspx")
else
Server.Transfer("login.aspx")
%>

To the application's original login page whcih is 'login.aspx', then how could this page be accessed directly?

MyLogin.aspx = New (door #1) login page
NoAccess.aspx = Where the user will sent if 1st login is not authenticated.
Login.aspx = The application's (I don't have source code) login page.


Here is the workflow:

MyLogin.aspx --- (if athenticated, re-direct to) ----> Login.aspx (otherwise re-direct to NoAcess.aspx)

On other words, the user has to go through two doors in order to access the application. How can he access login.aspx directly if I've added the above code?

Sorry if I'm missing something or have not been clear on my info.

Thanks



ASKER CERTIFIED SOLUTION
Avatar of NauticalNonsense
NauticalNonsense
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
I disagree. Answered the question and gave him the work around to do what was needed.

ASP.NET
ASP.NET

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

128K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo