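This code snippet checks that a page request was referred from a page on my own domain, to make it harder for another site to hijack my site or page. The check relies on the HTTP Referer header, which is sent by the client and can be omitted or set to any value, so I treat it as a first filter rather than proof of where a request came from.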
//Namespace Reference
using System;
using System.Collections.Specialized;
using System.Web;
#region IsValidRequest
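/// <summary>
/// Checks whether the request's Referer header points at a page on
/// <paramref name="domain"/> (the domain itself or one of its subdomains).
/// </summary>
/// <remarks>
/// The Referer header is supplied by the client. Browsers and privacy proxies may
/// omit it and non-browser clients can set it to any value, so this is a coarse
/// filter only. State-changing requests should also be protected by a
/// server-issued anti-forgery token rather than by this check alone.
/// </remarks>
/// <param name="request">The current request; its HTTP_REFERER server variable is read.</param>
/// <param name="domain">
/// Expected host name, e.g. "yourdomain.com". An absolute http/https URL is also
/// accepted and reduced to its host (and port, when one is given).
/// </param>
/// <returns>
/// True when the Referer is an absolute http/https URL whose host equals
/// <paramref name="domain"/> or is a subdomain of it; otherwise false. A missing
/// Referer or a null/blank <paramref name="domain"/> yields false.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
public bool IsValidRequest(System.Web.HttpRequest request,string domain)
{
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }

    // Fail closed when no domain is configured: a substring test against an
    // empty domain would accept every non-empty Referer.
    string expected = NormalizeExpectedHost(domain);
    if (expected.Length == 0)
    {
        return false;
    }

    //NameValueCollection object for holding the server variables
    NameValueCollection vars = request.ServerVariables;
    string referer = vars.Get("HTTP_REFERER");

    //an empty referer is not treated as a valid request
    if (string.IsNullOrEmpty(referer))
    {
        return false;
    }

    // Parse the header and compare the host component. A substring match would
    // also accept the domain text appearing in another site's path or query
    // string, or as a prefix of a longer, unrelated host name.
    Uri refererUri;
    if (!Uri.TryCreate(referer, UriKind.Absolute, out refererUri))
    {
        return false;
    }

    if (refererUri.Scheme != Uri.UriSchemeHttp && refererUri.Scheme != Uri.UriSchemeHttps)
    {
        return false;
    }

    // Authority is host plus any non-default port, so a port-qualified
    // domain argument ("yourdomain.com:8080") still matches.
    return IsSameOrSubdomain(refererUri.Host, expected)
        || IsSameOrSubdomain(refererUri.Authority, expected);
}

/// <summary>
/// Reduces the configured domain to a bare host: trims whitespace, takes the
/// authority part when an http/https URL was supplied, and strips leading or
/// trailing dots. Returns an empty string for null or blank input.
/// </summary>
private static string NormalizeExpectedHost(string domain)
{
    if (domain == null)
    {
        return string.Empty;
    }

    string host = domain.Trim();

    // Only treat the value as a URL when the scheme really is http/https;
    // "host:port" on its own also parses as an absolute URI with an odd scheme.
    Uri asUrl;
    if (Uri.TryCreate(host, UriKind.Absolute, out asUrl)
        && (asUrl.Scheme == Uri.UriSchemeHttp || asUrl.Scheme == Uri.UriSchemeHttps))
    {
        host = asUrl.Authority;
    }

    return host.Trim('.');
}

/// <summary>
/// True when <paramref name="candidate"/> equals <paramref name="expected"/> or ends
/// with "." + <paramref name="expected"/>, compared case-insensitively (ordinal).
/// </summary>
private static bool IsSameOrSubdomain(string candidate, string expected)
{
    return candidate.Equals(expected, StringComparison.OrdinalIgnoreCase)
        || candidate.EndsWith("." + expected, StringComparison.OrdinalIgnoreCase);
}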
#endregion
// Sample usage.
// Replace YourClass with the name of the class that contains IsValidRequest.
YourClass validator = new YourClass();

// Run the Referer check for the current request and send the visitor
// to the site's home page when it fails.
bool cameFromOwnSite = validator.IsValidRequest(Request, "yourdomain.com");
if (!cameFromOwnSite)
{
    Response.Redirect("http://www.yoursite.com/");
}