get referrer from a specific page in same domain C#-CodePudding

My site has default.aspx page and you click submit and get to the customerinfo.aspx page. However,but they must come from the default.aspx page in the same domain. If the referrer is blank, an outside link, or their customer ID isn't there then it redirects back to the default.aspx page so they can enter their info, otherwise it displays the customer's data on the customerinfo.aspx page. Trying to prevent getting to the page from external URL and it shows object reference error if you do BUT just need to redirect to default page.

  Uri referrer = HttpContext.Current.Request.UrlReferrer;
        if (referrer == null || string.IsNullOrEmpty(Request.UrlReferrer.ToString()) && string.IsNullOrEmpty(Session["customerID"].ToString()))
        {
//This section is skipped because it's not a null referrer.
            Response.Redirect(url: "default.aspx", endResponse: false);
            return;
        }

        if (!IsPostBack)
        {

            if (!string.IsNullOrEmpty(Request.QueryString["customerID"]))
            {
                //This section is skipped even though there's a customer ID?
                Session["customerID"] = Request.QueryString["customerID"];
                customerInfo();
            }
            else
            {

                if (string.IsNullOrEmpty(Session["customerID"].ToString()))
                {
                    //This section is skipped because it's not an empty session, there's a customer ID.
                    Response.Redirect(url: "default.aspx", endResponse: false);
                }
                else
                {
                    //This section is hit because there's a customer ID so the string isn't empty but not sure why the first isn't hit?
                    customerInfo();
                }
            }
        }

CodePudding user response：

While the headders can be faked - it sill makes more work.

And you may well just not want users to land on some page that say a external link was provided to.

So, this will check for no reffering, and even if reffering is the same

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            // first page load.

            // user direct type in url - don't want that!!!
            // no reffering URL at all

            if (Request.UrlReferrer == null)
            {
                // user typed in URL - no reffering URL
                Response.Redirect("~/Default.aspx");
            }

            // user direct typed in this page, or selected from browser drop down/auto complate
            // so reffering page is SAME as this page - again not from our landing page
             if (Request.UrlReferrer.AbsoluteUri.ToString() == Request.Url.AbsoluteUri.ToString())
            {
                Response.Redirect("~/Default.aspx");
            }
        }
    }

CodePudding user response：

I was able to figure it out. Took some parts of Albert's code and made some changes to mine.

      Uri referrer = HttpContext.Current.Request.UrlReferrer;

      string urlName = Request.UrlReferrer.ToString(); // grabbing referring page address        
      
        if (referrer == null && urlName != "default.aspx")
        {
            Response.Redirect(url: "default.aspx", endResponse: false);
            return;
        } 

        if (!IsPostBack)
        {
            if(Session["customerID"] == null && urlName != "default.aspx") //If both are false they go to homepage
            {
                Response.Redirect(url: "default.aspx", endResponse: false);
            }
            else
            {
                customerInfo(); //or else they get the customer info on the customer page
            }
        }