Referral URL in AsP.net!

I need to know about refferal URL .How to implement this in Asp.net I have a web page which i pass a parameter through URL webpagen开发者_开发百科ame.aspx?Id=129

A user can easily change the ID and go to any users session using the above url

My client suggested to use referral URL instead of above.. how can i use it and how to implement this?

Your client suggested you wrong because the user can also change the HTTP referrer of the request and go wherever he likes. You must implement server side authentication and authorization. Forms authentication works pretty well in ASP.NET.

So basically when a user authenticates on your site his username is stored in an encrypted authentication cookie that he cannot modify and which is sent along with each request. The server decrypts this cookie and extracts the username. Then you can check against your database whether the XXX with Id=129 belongs to the currently authenticated user and display the page if it does or an error message if it doesn't.

Using ID is fine, as long as on webpagename.aspx you do an authentication check - ensure that the logged in user is indeed User ID 129 (in your example)

Are you using Asp.Net Membership? If so I can help you with your code.

Thanks Chris.