How to authenticate an HTTP request to a web server

I have the following scenario: -

1) User opens test1.aspx web page and clicks some button on test1.aspx. After clicking, the user is redirected to the callback.aspx web page.
2) callback.aspx makes a cross domain http request using javascript on another server (like facebook server)
3) callback.aspx sends collected data (from another server) to test2.aspx web page (simple mailbox) ...

Now my problem is how can I make sure the collected data going to test2.aspx only comes from callback.aspx and nowhere else. I mean, any hacker can send false data to test2.aspx by making a message or receiving a request.

callback.aspx is something like an authentication script, if it says the user is authenticated, test2.aspx should trust the user is authenticated. Basically, auth user I using oauth-2.0 client side flow.

+3


source to share


2 answers


Making HTTP requests from a web page - a task commonly referred to as "clearing the screen" - involves server-side code making an HTTP request to some other website, getting the returned results, and handling those results in some way. For example, screen scraping is often used to grab data from another site, such as scrambling HTML from Yahoo! Finance page to grab the current stock price for a specific stock symbol. Making simple HTTP requests in ASP.NET requires just a few lines of code, thanks to the WebClient class. Found in the System.Net namespace, this class provides a small number of properties and methods useful for making simple HTTP requests.



http://www.4guysfromrolla.com/articles/102605-1.aspx

+2


source


There are many such requirements. The first thing that comes to mind is encrypting the data you send from callback.aspx to test2.aspx. If you can decrypt into test2.aspx then you are sure the data is good.



+1


source







All Articles