I have developed a website with React that has a page that displays, via IFrame, a .htm file found under the site in a Virtual Directory. This works great, except...
My website does require a login so I know the user has authenticated to the website (login is done by accessing a .NET web service API). If they get to the page that has the IFrame on it, I know they have been authenticated for my website. However, by inspecting the page, the user can see the URL of the Virtual Directory. They can then navigate directly to that Virtual Directory in, for example, another tab and/or browser without having to sign in. How can I prevent this?
If I disable Anonymous Authentication and enable Windows Authentication from the Virtual Directory, then when navigating through my website, the user is prompted for a network login. This would be fine for direct access, but I want to by-pass this when accessed through my website as they've already signed in.
Any ideas on how I can accomplish this functionality?
Thanks.