| David Wang [Msft] 2004-01-24, 2:01 am |
| HTTP is stateless between every request, so how do you propose to detect
that a user navigated directly to a given URL with a special request vs.
navigating from another URL already on your website?
There is a mechanism to do this via the availability of the correct
"REFERER" header, but it is not fool-proof and can make your website
discriminate against browser clients. In essence, you are placing custom
authentication on your website where the correct password is "your root
address". It can be broken by simply spying on "successful" traffic and
replaying them.
There is another way to do the same thing by setting up one page as the
watchdog over access to certain URLs and perform any check you want, and
then this page will stream back the data (which is NOT stored in a
URL-accessible location) upon successful authorization.
This question has actually been asked/answered recently (within the past
day) on microsoft.public.inetserver.iis , so I would encourage searching
there as well.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"NtKernel74" <chris.moore@akg-america.com> wrote in message
news:017FC985-873E-46FD-9565-65407DE986D9@microsoft.com...
is it possible to restrict a user from going straight to a particular path
opposed to having to navigate from the home page?
example: I don't want access straight to the address
http://xxx.xxx.xxx.xxx/reports but instead want the user to go to the
http://xxx.xxx.xxx.xxx home page and then navigate to the reports page.
|