ASP.Net webpages security hack

I have an ASP.Net, VB.Net (1.1 framework) web application that has 5 webpages in it.

I would like the users to go in a sequential flow. so for example: they should navigate
page1.aspx->page2.aspx->page3->page4->page5 by clicking the next buttons.

Now, I would like to prohibit them from typing and changing the webpage name directly in the Web browsers address bar. So they should not be able to go from page1.aspx to page3.aspx directly. And if they tried to do so they should not have access to that renamed page.

I have seen some banks implement such security. Please advise how can we implement it in a small size company?


Who is Participating?
There is one problem with using Request.UrlReferrer and that is the fact that it can be blocked by certain users. Not often but it does. I'd use a Session variable to track how far a user is thru the process:

Session("Page") = "1"

If they try to goto Page4.aspx, the Session("Page") = "1" so they can be re-directed back. When they goto page 2, update Session variable to "2". etc.
You could use the Request.UrlReferrer object to track which page they came from.  For each page you could check that object during load to make sure they came from the page you intended.
Before doing the Response.redirect, check the following condition

If Not Request.ServerVariables("HTTP_REFERER") Is Nothing Then
End If
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Ricky66Author Commented:
Let me give these a try and I will get back to you.  Thanks.
You may also need to use Application State in case user has several browser windows open and uses back button etc!
Ricky66Author Commented:
Thank you all!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.