Knowing who sent you the request...

A beginners question - sorry.

IIS 7,5.

I want to redirect (or transfer) all requests from site A to site B.

At site B i only want to accept/handle traffic that has been redirected via site A.

Anything that comes straight to Site B should be handled by redirecting either to Site A, or just plain ignored.

How can i do this?
Who is Participating?
arnoldConnect With a Mentor Commented:
Redirect has two possibilities.
1) site a upon receiving a request generates a request to site b and returns the response to the user. This one is straight forward that you can check the source of the request.
2) upon receiving a request, site a responds with a go there. Are site a and siteb have access to common database such that up f reciept of a request site a updates a table indicating a request was received that includes an IP of the request, creates a unique identifier that is then used in the redirect to siteb I.e. Http//
Site a response go to
Site B will lookup the reference in the database and if it matches the source IP, and is within a certain amount of time since the record was created at site a, will see it as a valid site a redirect.
shalomcConnect With a Mentor CTOCommented:
You have 2 options:

a. Check the REFERER http header in the request, to see if it came from an authorized source.
The REFERER header can be spoofed, so take it into consideration.. It will not work for malicious users.

b. Have an ecrypted identifier created by site A, either in a cookie or in the URL. This is what SSO products do. When the identifier does not exist or is invalid - redirect user to site A. The previous responder describes a similar way.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.