Subject: Security Question
Posted By: jezywrap Post Date: 12/12/2006 10:30:05 AM
How do you prevent a user from copying an address from a website that they have logged into, closing that browser, opening a new one and pasting the address and taking them directly where they left off?

What I want is if someone pastes the address into the address bar I want them to go directly to the login page and not the address entered.



Reply By: dparsons Reply Date: 12/12/2006 10:58:26 AM
Well, this depends on how you have set up your website security. If you use the .NET FormsAuthentication classes, this is a relatively easy requirement to fulfil.

When a user logs on to your website you would do something similar to this:

FormsAuthentication.RedirectFromLoginPage([username], [true||false])

Now, the bool value is what you need to be concerned with: if it is set to true, the runtime will create a cookie on the user's PC that will persist for 50 years; if it is set to false, the cookie will only persist for as long as the browser is open.

With that said, as long as you don't give the user the ability to stay logged into your website (a poor usability choice IMHO) you can manually set this to false in all of your code. Now say you have a directory structure like this:

**root files**
     -->default.aspx
     -->otherfile.aspx
**super_secert_directory**
     -->super_secert_file.aspx

Let's say that the file super_secert_file.aspx is the page you don't want the user to directly link to once they have closed their browser. What you need to do is add a web.config file to that directory that looks like this:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
  
    <authorization>
        <deny users="?" />
    </authorization>

  </system.web>
</configuration>


If a user links directly to this page (and you have not allowed them to persist their logon cookie) they will be directed to the logon page. What this web config file "says" is that all anonymous users are not allowed to view ANY file in that directory. So if you had, say, 10 files in there, a user who isn't logged on couldn't view any of them!

Again this is assuming you are using forms authentication and it is, by far, the fastest way to achieve what you are asking.


hth.

-------------------------
I will only tell you how to do it, not do it for you.  
Unless, of course, you want to hire me to do work for you.

^^That's my signature
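
The directory-level rule in the reply above only sends anonymous users to a login page if forms authentication is enabled at the application root, which the reply assumes. A root web.config along these lines shows that piece; it is an added example, not part of dparsons' reply, and login.aspx, the 20-minute timeout and an HTTPS-served site are assumptions:

```xml
<?xml version="1.0" encoding="utf-8" ?>
<!-- Root web.config (added example). login.aspx and timeout="20" are assumed values. -->
<configuration>
  <system.web>

    <!-- Without mode="Forms", <deny users="?" /> has no login page to redirect to. -->
    <authentication mode="Forms">
      <!--
        loginUrl:   where anonymous requests for protected pages are sent.
        cookieless: UseCookies keeps the ticket out of the URL. In the cookieless
                    modes the ticket is embedded in the address itself, so a
                    pasted address would carry the login with it.
        timeout:    minutes before the ticket expires.
        requireSSL: the cookie is only sent over HTTPS (assumes an HTTPS site).
        protection: All = the ticket is both encrypted and validated.
      -->
      <forms loginUrl="~/login.aspx"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="true"
             requireSSL="true"
             protection="All" />
    </authentication>

    <!-- Root pages (default.aspx, otherfile.aspx) stay open to everyone. -->
    <authorization>
      <allow users="*" />
    </authorization>

  </system.web>
</configuration>
```
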
Reply By: jezywrap Reply Date: 12/12/2006 11:19:30 AM
Thanks for the quick response. I'll give it a shot.

Reply By: jezywrap Reply Date: 12/13/2006 9:07:50 AM
It worked. Thanks again.

Reply By: dparsons Reply Date: 12/13/2006 9:39:46 AM
No problem, glad it worked for you.

