Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Page Security

Reply
Thread Tools

Page Security

 
 
Z D
Guest
Posts: n/a
 
      03-01-2004
Hello,

I'm trying to create an ASP.NET page that ONLY allows access if its
linked-to from another specific server. I know the IP address of this
server.

I was wondering how I'd go about setting this up in a secure way?

I considered using HTTP_REFERER but I found that its easy to spoof this and
its not very reliable.

What other options do I have? I'd like to avoid passing something in the
querystring because it's just too easy for someone to try and hack it. It
seems, however, that the querystring would be my only option. Does anybody
know of a mechanism that I can use to encrypt the querystring in a
time-dependent manner (so that the user cant copy the querystring and use it
the next day / give it to someone else).

Any suggestions?

thanks!


 
Reply With Quote
 
 
 
 
Peter Rilling
Guest
Posts: n/a
 
      03-01-2004
Do you just want this one page to be restricted or the entire site. If you
want to protect the entire site, I think that you can configure IIS to
restrict access to specific IP addresses.

"Z D" <(E-Mail Removed)> wrote in message
news:O4qPvI0$(E-Mail Removed)...
> Hello,
>
> I'm trying to create an ASP.NET page that ONLY allows access if its
> linked-to from another specific server. I know the IP address of this
> server.
>
> I was wondering how I'd go about setting this up in a secure way?
>
> I considered using HTTP_REFERER but I found that its easy to spoof this

and
> its not very reliable.
>
> What other options do I have? I'd like to avoid passing something in the
> querystring because it's just too easy for someone to try and hack it. It
> seems, however, that the querystring would be my only option. Does

anybody
> know of a mechanism that I can use to encrypt the querystring in a
> time-dependent manner (so that the user cant copy the querystring and use

it
> the next day / give it to someone else).
>
> Any suggestions?
>
> thanks!
>
>



 
Reply With Quote
 
 
 
 
Mellow Yellow
Guest
Posts: n/a
 
      03-02-2004
I think using IIS to restrict the IP address is only for the CLIENTS
accessing the website (ie the person with the browser).

I'm trying to let any client access the server ONLY if they've been
redirected from a specific site.



"Peter Rilling" <(E-Mail Removed)> wrote in message
news:uaIYmT1$(E-Mail Removed)...
> Do you just want this one page to be restricted or the entire site. If

you
> want to protect the entire site, I think that you can configure IIS to
> restrict access to specific IP addresses.
>
> "Z D" <(E-Mail Removed)> wrote in message
> news:O4qPvI0$(E-Mail Removed)...
> > Hello,
> >
> > I'm trying to create an ASP.NET page that ONLY allows access if its
> > linked-to from another specific server. I know the IP address of this
> > server.
> >
> > I was wondering how I'd go about setting this up in a secure way?
> >
> > I considered using HTTP_REFERER but I found that its easy to spoof this

> and
> > its not very reliable.
> >
> > What other options do I have? I'd like to avoid passing something in the
> > querystring because it's just too easy for someone to try and hack it.

It
> > seems, however, that the querystring would be my only option. Does

> anybody
> > know of a mechanism that I can use to encrypt the querystring in a
> > time-dependent manner (so that the user cant copy the querystring and

use
> it
> > the next day / give it to someone else).
> >
> > Any suggestions?
> >
> > thanks!
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Membership Security 403 - how to direct to Custom page instead of Login page jobs ASP .Net 4 06-24-2007 03:42 PM
Accessing higher security level from higher security level nderose@gmail.com Cisco 0 07-11-2005 10:20 PM
Going from higher security level interface to lower security interface- HELP!!! - AM Cisco 4 12-28-2004 09:52 PM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM
MCSA: Security MCSE: Security question Rick Sears MCSE 0 07-29-2003 08:02 PM



Advertisments