Good Afternoon,

I am not sure of the best way to do this or how so you may have suggestions as well as help. We have basically created an asp.net application that needs to be protected but we don't want yet another logon for it.

We have put a link to the asp.net application with in the Microsoft Exchange Outlook Web Access site to go straight to the application so once they have logged on to our OWA website they can open the web application straight up but in order to protect it we need to prevent it opening from direct link or any other location. My initial thought was when the web application is opened up to check the reffer link and if it was the correct one allow access and if not redirect them to the Outlook Web Access logon page.

Is there a better way if not how would we be able to go about this. I have done some research online and I have found this bit of code I am not actually doing this myself its for my collegue and I never used any code like this so don't even know if it will work:

newWindow = window.open("","")
if (newWindow!= null)
newWindow.document.write("Some HTML")
//newWindow.focus() This line added by me, untested

(note when it says this line added by me thats not me thats the person else where on the net I got the example from.

Regards,
Max