Restrict page access in IIS 6.0

I want to be able to restrict page access in a web application deployed in IIS 6.0.

Say my web applications has these pages:

a.aspx b.aspx c.aspx d.aspx

The proper way to access is "http://mysite/a.aspx"

From a.aspx the other aspx pages could be loaded. What I want to be prevent is someone typing i开发者_JAVA技巧n:

"http://mysite/c.aspx"

And then being served that page. Any ideas?

Thanks.

You have a couple of options really. You could utilize some user authentication, this seems like it could be overkill for what you are attempting.

I think the easiest method if I have understood you correctly is only to allow viewing if the referring page is a.aspx So it would give a permission denied or some other message if your referring page is not a.aspx.

You could always store a session variable in a.aspx and check that variable in c.aspx and redirect back to a.aspx if it is not what you are looking for. To prevent a repeat the session variable could be destroyed in c.aspx. I am sure someone could spoof the session if they wanted to that badly but unless you have gold on that page no one is going to care, and if you have gold on that page you need different security measures anyway.

You could set a variable in the page in question whose value will only be set when coming from the specific page and the first thing you check on the page in question is whether that value is set otherwise display some message or deny access.