Prabhat wrote on 01 mei 2006 in microsoft.public.inetserver.asp.general:
Suppose I have one website www.mywebsite.com and I have one page in
this site as "myrestrictedpage.asp".
The page "myrestrictedpage.asp" should NOT be accesible from the
hosted website (www.mywebsite.com) instead of that the page can only
be accessible only from :
1) www.OtherWeb1.com/welcomeuser.asp
2) www.OtherWeb5.com/
[1]
You can do this rather safe by having the second server have an asp file,
that datamines the rendered html[+clientside script] from a secretly
named file on server 1.
See <http://www.aspfaq.com/show.asp?id=2173>
How do I read the contents of a remote web page?
As an extra measure the secret file could be restricted by
if request.servervariables("remote_addr") <> "IPofFirstServer" then
response.end
end if
==============
[2]
Or you can do this by redirecting the client's browser to the then
nonsecret file on server 1, where that latter file checks the referrer.
if Request.ServerVariables("HTTP_REFERER") <> "123.456.789.123" then
server.transfer "/404.asp"
then
This referrer [mind the double rr and single r bug in ASP] business is
not absolutely safe, I think.
==============
[3]
Working with passwords that go through the client is futile securitywize,
unless you use one-time passwords generated by one of the servers and
requested directly by the other, like in [1].
The generated password can be stored in an application variable and
destroyed upon first request. A collision with two near simultaneous
request is possible.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
