Solved

How To Check The Previous WeBsite URL You Came From

Posted on 2016-09-28
7
41 Views
Last Modified: 2016-10-17
Hi

I have two Websites
Website A
WebSite B

I want to make sure that all visitors on Site B are coming from Website A.

How i can accomplish this in ASP.net

Thanks
0
Comment
Question by:Kamal Khaleefa
7 Comments
 
LVL 25

Assisted Solution

by:Lee Savidge
Lee Savidge earned 100 total points (awarded by participants)
ID: 41819285
0
 
LVL 24

Accepted Solution

by:
Dr. Klahn earned 200 total points (awarded by participants)
ID: 41819286
  • Issue a referral URL on site A with a unique one-time referral code in the URI, e.g. http://siteb.domain.com?refer=xxxxxxx
  • Require visitors to site B have a valid referral field in the URI.
  • Let referral fields be valid for, say, five minutes.
  • When a referral is used, validate the referral, issue a local cookie to permit access if it is valid, and always empty the used referral table (see next).
  • Put used referral fields in a local table as "expired".
  • Then visitors to site B must come from site A and the referral can only be used once.

This is a workaround to the HTTP "referer" field, which (a) can be spoofed and (b) is unreliable because many browsers now strip it for privacy reasons.
1
 
LVL 52

Assisted Solution

by:Julian Hansen
Julian Hansen earned 100 total points (awarded by participants)
ID: 41819540
Remember this information can be spoofed so don't rely on this for any kind of access control.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points (awarded by participants)
ID: 41819553
is unreliable because many browsers now strip it for privacy reasons.
I have to argue with that.  I use the 'HTTP_REFERER' daily in all browsers without a problem.  It may be blocked in 'In Private' browsing but not in regular use.
0
 
LVL 24

Expert Comment

by:Dr. Klahn
ID: 41819573
Dave, here is the background on that.  At my own site, on the average I see perhaps one referral logged for every 40 accesses to a .HTML file. And yet the accessors are going directly to the desired content, not to the home page, as evidenced again by the log.  This implies to me that they are being referred from somewhere, and yet there's no referral logged.

This article gives some illumination, as ...

According to the RFC 2616:

Clients SHOULD NOT include a Referrer header field in a (non-secure) HTTP request if the referral page was transferred with a secure protocol.

So blame it on the RFC.  Any site which uses HTTP by default, but gets referrals from sites using HTTPS by default, can expect, for the most part, nothing in the referral fields.  Most modern browsers comply with this, it appears, since I very, very seldom see referrals from Google or Bing -- and the few I do see appear to be from older browsers.

new-1.gif
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41819680
I'll have to check on that.  Most of the pages I was thinking of are HTTPS connections.  And come to think of it, where I thought 'we' should be getting 'referers' we aren't so maybe we'll have to change the links to 'https'.
0
 
LVL 24

Expert Comment

by:Dr. Klahn
ID: 41846326
EE email requested stale question closure.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Having worked on larger scale sites, we found out that you are bound to look at more scalable solutions to integrating widgets, code snippets or complete applications and mesh them into functional sites, in any given composition. To share some of…
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now