Question 87984 in ASP.NET Question posted in
The official documentation can be found here.

get referrer from a specific page in same domain C# – Asp.net

My site has default.aspx page and you click submit and get to the customerinfo.aspx page. However,but they must come from the default.aspx page in the same domain. If the referrer is blank, an outside link, or their customer ID isn’t there then it redirects back to the default.aspx page so they can enter their info, otherwise it displays the customer’s data on the customerinfo.aspx page. Trying to prevent getting to the page from external URL and it shows object reference error if you do BUT just need to redirect to default page.

  Uri referrer = HttpContext.Current.Request.UrlReferrer;
        if (referrer == null || string.IsNullOrEmpty(Request.UrlReferrer.ToString()) && string.IsNullOrEmpty(Session["customerID"].ToString()))
        {
//This section is skipped because it's not a null referrer.
            Response.Redirect(url: "default.aspx", endResponse: false);
            return;
        }

        if (!IsPostBack)
        {

            if (!string.IsNullOrEmpty(Request.QueryString["customerID"]))
            {
                //This section is skipped even though there's a customer ID?
                Session["customerID"] = Request.QueryString["customerID"];
                customerInfo();
            }
            else
            {

                if (string.IsNullOrEmpty(Session["customerID"].ToString()))
                {
                    //This section is skipped because it's not an empty session, there's a customer ID.
                    Response.Redirect(url: "default.aspx", endResponse: false);
                }
                else
                {
                    //This section is hit because there's a customer ID so the string isn't empty but not sure why the first isn't hit?
                    customerInfo();
                }
            }
        }
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I was able to figure it out. Took some parts of Albert's code and made some changes to mine.

          Uri referrer = HttpContext.Current.Request.UrlReferrer;

      string urlName = Request.UrlReferrer.ToString(); // grabbing referring page address        
      
        if (referrer == null && urlName != "default.aspx")
        {
            Response.Redirect(url: "default.aspx", endResponse: false);
            return;
        } 

        if (!IsPostBack)
        {
            if(Session["customerID"] == null && urlName != "default.aspx") //If both are false they go to homepage
            {
                Response.Redirect(url: "default.aspx", endResponse: false);
            }
            else
            {
                customerInfo(); //or else they get the customer info on the customer page
            }
        }

  2. 0

    While the headers can be faked – it sill makes more work.

    And you may well just not want users to land on some page that say a external link was provided to.

    So, this will check for no referring, and even if referring is the same

        protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            // first page load.

            // user direct type in url - don't want that!
            // no referring URL at all

            if (Request.UrlReferrer == null)
            {
                // user typed in URL - no referring URL
                Response.Redirect("~/Default.aspx");
            }

            // user direct typed in this page, or selected from browser drop down/auto complete
            // so referring page is SAME as this page - again not from our landing page
             if (Request.UrlReferrer.AbsoluteUri.ToString() == Request.Url.AbsoluteUri.ToString())
            {
                Response.Redirect("~/Default.aspx");
            }
        }
    }
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search