Knowing who sent you the request...

A beginners question - sorry.

IIS 7,5.

I want to redirect (or transfer) all requests from site A to site B.

At site B i only want to accept/handle traffic that has been redirected via site A.

Anything that comes straight to Site B should be handled by redirecting either to Site A, or just plain ignored.

How can i do this?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Redirect has two possibilities.
1) site a upon receiving a request generates a request to site b and returns the response to the user. This one is straight forward that you can check the source of the request.
2) upon receiving a request, site a responds with a go there. Are site a and siteb have access to common database such that up f reciept of a request site a updates a table indicating a request was received that includes an IP of the request, creates a unique identifier that is then used in the redirect to siteb I.e. Http//
Site a response go to
Site B will lookup the reference in the database and if it matches the source IP, and is within a certain amount of time since the record was created at site a, will see it as a valid site a redirect.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shalom CarmelCTOCommented:
You have 2 options:

a. Check the REFERER http header in the request, to see if it came from an authorized source.
The REFERER header can be spoofed, so take it into consideration.. It will not work for malicious users.

b. Have an ecrypted identifier created by site A, either in a cookie or in the URL. This is what SSO products do. When the identifier does not exist or is invalid - redirect user to site A. The previous responder describes a similar way.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.