restricting bookmarks / favourites requests (security issue) in asp.net

Question

0.00/5 (No votes)

See more:

i have .net application, when the user enters in to application by entering username & password, user will creates bookmark in chrome or favourites in IE8, when ever user clicks on favourite related to that .net logged in app, need to redirect user to login page even though session / forms token is alive, this issue related to security.

this kind of functionality saw in bank sites(www.onlinesbi.com,www.axisbank.com),

if any one knows, pls help me the procedure to implement.

thank you

Posted 20-Jun-13 2:11am

srinvias kumar lumeris

Updated 21-Jun-13 1:20am

v2

Add a Solution

Comments

Thanks7872 20-Jun-13 8:18am

Not clear. User doesnt create any bookmarks after login? Can you elaborate more on this what do you mean by "favourite related to .net application"?

srinvias kumar lumeris 20-Jun-13 8:28am

after getting user login, user will navigate to some screens as per user requirement, then user will create that screen url as favourite in IE8 or bookmark in chrome, then if the user click on that created favourite in IE8 browser , need to take user to login page means restricting user by providing security to application, if any clarification need let me know

favourite in IE8 and bookmarks in chrome are same, but different in terminology, favourite are used as shortcut to required page, when we click on that favourite user will directly navigate to that particular requested page

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

*Karthik Harve* · Answer 1 · 2013-06-20T02:43:00

Hi,
I think simple ASP.NET application cannot restrict the browser's integral events such as "BookMark", "Favorites" etc. May be some ActiveX objects could handle those events, but again those objects will have its own pros & cons.

refer What ASP.NET Can And Cannot Do[^] for more.

hope it helps.

Thanks7872 · Answer 2 · 2013-06-20T02:45:00

Solution 2

You dont need to think about what user has bookmarked. Bookmarking doesnt mean that it allows access to user at anytime.Its your application who decides whether to allow acces to this request or not [based on some conditions].

The security you are talking about can be easily achieved using e.g. Forms Authentication. A very basic example can be found here.

How to: Implement Simple Forms Authentication[msdn][^]

After applying this concept, Any unauthenticated user will be redirected to Login page. This will give you more accuracy while working with the security.

[EDIT]:

ASP.NET Session State shared between IE Tabs and IE8[^].

asp.net - session - multiple browser tabs - different sessions?[^]

I think this is the thing what you needed.

Regards.. :laugh:

Posted 20-Jun-13 2:45am

Thanks7872

Updated 21-Jun-13 1:29am

v5

Comments

srinvias kumar lumeris 20-Jun-13 8:51am

thanks, but i already tried with forms authentication, i didnt get my requirement, any way
i will check with your link once again, if i have any doubts will ask you.

Thanks7872 20-Jun-13 8:54am

Sure. Most welcome. Forms authentication simply does something that unauthenticated users cant access predefined secured area.Thats it.Refer to updated answer once more.

srinvias kumar lumeris 21-Jun-13 5:48am

tested with forms authentication, once i will tell you my requirement, after user getting login with credentials(forms token is created), immediately user will creates favourites for required page, when the user click on that created favourite immediately need to redirect user to login page,

i observed that if i use forms authentication, after log in to the application when i click on favourite , user is staying in that form only without redirecting to login page, may be the reason is that user session / forms token is alive, our requirement is need to redirect to login page without considering sessions & tokens, let me know your comments.

Thanks7872 21-Jun-13 6:22am

Its not possible at all. I repeat again its not possible at all because its your browser's functionality. Why you want to restrict user from bookmarking the page? Let them bookmark it. You are concerned at bookmark/favorites or your application? I already told you to try your one of the email client.Bookmars/favorites and your application's security are totally means totally different. Bookmarking doesnt allow access to your application.

Thanks7872 21-Jun-13 6:23am

What is your ultimate goal?Restrict user to access your application if he tries to open it using bookmark/favorites,right?

srinvias kumar lumeris 21-Jun-13 6:26am

yes exactly, using favourite only, my app will run in IE8 only

Thanks7872 21-Jun-13 6:27am

Forget everything,implement forms authentication and you are done.

srinvias kumar lumeris 21-Jun-13 6:31am

i tried with forms authentication, followed your suggestion & link and implemented simple form authentication but not getting requirement.

Thanks7872 21-Jun-13 6:34am

Which requirement?

srinvias kumar lumeris 21-Jun-13 6:36am

when user click on favourite even though user session belongs to that favourite url is running/alive, needs to redirect to login page

Thanks7872 21-Jun-13 6:37am

Its not possible.

srinvias kumar lumeris 21-Jun-13 6:40am

when i use forms authentication , redirecting user to login page when ever user is unauthenticated, if he is authenticated when i click on favourite link, staying in that page of session, but take in bank site this kind of functionality is avail

Thanks7872 21-Jun-13 6:41am

Give me link of the site in which when i click on favorite it redirects me to login.

srinvias kumar lumeris 21-Jun-13 6:42am

www.onlinesbi.com,www.axisbank.com.....

Thanks7872 21-Jun-13 6:45am

Mr. srinivas i can bookmark it. I also tested it with ie,firfox,chrome i can bookmark it.I verified both the links.Even after login to my account. I own both the accounts sbi as well as axis and hdfc.

srinvias kumar lumeris 21-Jun-13 6:48am

you can do bookmarking, after creating bookmark, just click on that created bookmark immediately, you will observe that, you will be redirected to login page, i want that kind of functionality

srinvias kumar lumeris 21-Jun-13 7:12am

may i know your comment

Thanks7872 21-Jun-13 7:23am

That is so simple,just create session once user logged in. Whenever that page loads check that session if it exist that is user logged in then redirect him to login page.

srinvias kumar lumeris 21-Jun-13 7:27am

if i do like that user can never get logged in , while redirecting from login page to home page after entering creds, user will be redirected to login page.

Thanks7872 21-Jun-13 7:28am

Refer to updated answer.

srinvias kumar lumeris 24-Jun-13 2:00am

thats not working because in my application iam performing functionality in single page only

Thanks7872 24-Jun-13 2:03am

I dont think you tried any of the above options. Have you had a look at first link in EDIT?