2

I have two websites:

1) Main website: it has a link, Help & Training, that redirects the user to another Help website.

2) Help website: it has no authentication rules, thus anybody can visit the website directly.

Now I have a requirement to allow the second website to be visited from the first website's link; all other requests should be redirected to another page.

Of course, querystring/parameter validation is not acceptable, as that can be visible and constant.

Is it possible? Any suggestion is appreciated.

Imran Rizvi

5 Answers

3

You can use http://msdn.microsoft.com/en-us/library/system.web.httprequest.urlreferrer.aspx which is just an ASP.NET wrapper around the HTTP referrer header. http://en.wikipedia.org/wiki/HTTP_referrer

This, of course, can be spoofed so don't rely on it for creating something super secure.

Robert Levy
2

What if you add a GET parameter to the link's URL in the first site and check for it in the second site? That's of course a very simple solution and could be cheated pretty fast.

Krasimir
  • I suggested the same, but they don't accept it, as anybody who knows the parameter can still access the second site. – Imran Rizvi May 02 '12 at 13:44
0

from here:

You could use the UrlReferrer property of the request:

Request.UrlReferrer

This will read the Referer HTTP header from the request which may or may not be supplied by the client (user agent).

Community
Iman
0

Hi, you can use this block of code to identify where the user came from to reach your website:

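    ' Only read the referrer on the initial request, not on postbacks
    If Not IsPostBack Then
        ' UrlReferrer is Nothing when the client sends no Referer header,
        ' so test the property itself before calling ToString()
        If Request.UrlReferrer IsNot Nothing Then
            referrer = Request.UrlReferrer.ToString()
        End If
    End If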
Nag Bandla
0

If you want something that's not easily spoofable by average users...

Site2 exposes a web service which validates a "secret" parameter (could just be some long random string that only site1 and site2 know). This service returns a unique "token" that is only good for a small period of time. Site1 appends this token to the querystring when directing the user to site2. Site2 validates that the token is legit and still valid. Once a token has been used, site2 no longer treats it as valid.

Robert Levy
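The token exchange described in the last answer, sketched in C# as an added example that is not part of the original posts or of any real site's code. The class name `OneTimeTokenService`, the 60-second lifetime and the in-memory store are assumptions; site1 would call `Issue` server-to-server, append the result as `?token=...`, and site2 would call `Redeem` before serving the page.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper hosted on site2 (names, lifetime and storage are assumptions).
public sealed class OneTimeTokenService
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromSeconds(60);
    private readonly byte[] _secretHash; // SHA-256 of the secret only site1 and site2 know
    private readonly ConcurrentDictionary<string, DateTime> _issued =
        new ConcurrentDictionary<string, DateTime>();

    public OneTimeTokenService(string sharedSecret) { _secretHash = Hash(sharedSecret); }

    // Called by site1's server, never by the browser. Returns null if the secret is wrong.
    public string Issue(string presentedSecret, DateTime nowUtc)
    {
        if (!ConstantTimeEquals(Hash(presentedSecret), _secretHash)) return null;
        var bytes = new byte[32]; // 256 random bits: not guessable, unlike a constant parameter
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = Convert.ToBase64String(bytes)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_'); // URL-safe form
        _issued[token] = nowUtc + Lifetime;
        return token;
    }

    // Called by site2 when the browser arrives with the token in the querystring.
    public bool Redeem(string token, DateTime nowUtc)
    {
        DateTime expiresUtc;
        // TryRemove is atomic: a replayed or racing second request finds nothing to remove.
        if (string.IsNullOrEmpty(token) || !_issued.TryRemove(token, out expiresUtc)) return false;
        return nowUtc <= expiresUtc;
    }

    private static byte[] Hash(string s)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(s ?? ""));
    }

    // Compare without an early exit so timing does not reveal how many bytes matched.
    private static bool ConstantTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Tokens that are issued but never redeemed stay in the dictionary, so a deployed version needs a periodic purge of expired entries, and a store shared by all site2 instances if there is more than one. The token still travels in the URL, so it can be copied from the address bar within its lifetime, which is why the short expiry and single use matter.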