We have a MOSS internet-facing publishing site. We need to restrict access to this web site to people who have come from another specific web site (using the HTTP header referrer property).

This has to be an automatic process (the user should not have to click ‘login’ or anything like that).

How to do this? Any advice greatly appreciated.

I don’t really want to attempt to write a custom membership provider; that seems like a huge amount of work.

+1  A: 

I don't think HTTP-REFERRER is reliable enough to use as the basis for security. It is very possible/easy to modify or fake the HTTP-REFERRER server variable. Some browsers don't even send it.

If you wanted to do this all in SharePoint, I think the best bet would be to install a server control on the master page that inspects and determines the origin of the request (to your satisfaction) and redirects if the visitor is from the offending location.

Another approach may be to implement an ISAPI filter or HTTP module to verify the request origin. You can have this module run before the MOSS filters and modules. This would have 0 impact on SharePoint.

Basically, I think the first thing to do is verify that HTTP-REFERRER is strong enough for your security needs. I prefer the latter option, but I think the former will be easier to implement.

Jason
Thanks for the comments, I see your point. What other options are there to determine the origin if the referrer is not reliable?
Rob
Well, unfortunately, it looks like there is no alternative (http://www.webmasterworld.com/forum47/3367.htm). I originally thought that you were interested in the requesting client's location, not from where they visited this site. I think Google may be your best friend in figuring this out.
Jason
HTTP-REFERRER aside, I stand by the methods I presented.
Jason
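
The HTTP module approach from the answer, sketched as an added example that is not part of the original thread or of any SharePoint code. The class name `ReferrerGateModule` and the host `partner.example.com` are hypothetical placeholders. Because the header is supplied by the client, this gates casual access only; the missing-header and look-alike-host cases are handled explicitly.

```csharp
using System;
using System.Web;

// Added example: rejects requests whose Referer is not the expected site.
public class ReferrerGateModule : IHttpModule
{
    // Assumption: placeholder for the one site visitors must arrive from.
    private const string AllowedReferrerHost = "partner.example.com";

    public void Init(HttpApplication app)
    {
        // BeginRequest fires before authentication and page handlers run.
        app.BeginRequest += OnBeginRequest;
    }

    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpRequest request = app.Context.Request;

        if (IsAllowed(request.Headers["Referer"], request.Url.Host))
            return;

        app.Context.Response.StatusCode = 403;
        app.CompleteRequest(); // skip the rest of the pipeline
    }

    // Kept free of HttpContext so it can be unit-tested without IIS.
    public static bool IsAllowed(string refererHeader, string ownHost)
    {
        Uri referrer;
        // Some browsers send no Referer, and the value may be malformed:
        // parse defensively and fail closed.
        if (string.IsNullOrEmpty(refererHeader) ||
            !Uri.TryCreate(refererHeader, UriKind.Absolute, out referrer))
            return false;
        if (referrer.Scheme != Uri.UriSchemeHttp && referrer.Scheme != Uri.UriSchemeHttps)
            return false;

        // Exact host comparison: a substring test would also accept
        // partner.example.com.other.test. The site's own host is allowed so
        // that internal links, images and stylesheets keep working.
        return string.Equals(referrer.Host, AllowedReferrerHost, StringComparison.OrdinalIgnoreCase)
            || string.Equals(referrer.Host, ownHost, StringComparison.OrdinalIgnoreCase);
    }
}
```

The module is registered in the web application's web.config; listing it ahead of the other modules makes it run first.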