2

I have web application which was developed in .NET 3.5, hosted on Windows server.

Outside people are accessing my web application by creating HttpWebRequest POSTs and passing the browser information along with necessary input values.

How to restrict access to my web application through HttpWebRequest?

Patrick Hofman
  • 153,850
  • 22
  • 249
  • 325
Kannan Nagaraj
  • 119
  • 7
  • 1
    You don't want users to use a `HttpWebRequest`? – Patrick Hofman Jan 04 '16 at 12:51
  • yes..exactly..people are taking all the browser details like Accept: text/html, application/xhtml+xml, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: localhost Content-Length: 6110 Connection: Keep-Alive Pragma: no-cache Cookie: ASP.NET_SessionId=eoymdoifmepp5bfjpquomnnr ; by using fiddler application. and changing the actual values of textbox or dropdown value even they are disabled and posting again . – Kannan Nagaraj Jan 04 '16 at 12:54
  • Are these 'people' logged in users or are they people who should not have access at all? – Steve Harris Jan 04 '16 at 13:04
  • yes those people have a login access to the web applcation. but they should not allowed to change the values which are in disabled . – Kannan Nagaraj Jan 05 '16 at 06:46

1 Answers1

3

You can't really restricted users from calling your site using HttpWebRequest (or 'not a browser', so to say) since all that information about the client machine, like the browser used, can be spoofed.

You have to wonder if you really want to go through all this. Do you want to make your users life miserable (or a least the user experience of your site)? If you do, you might want to use Captchas to make sure there is a real user and not a robot.

Patrick Hofman
  • 153,850
  • 22
  • 249
  • 325