I need to be able to add javascript to an existing classic asp page that does an ajax query to a service a remote service. My theory is that the javascript would call a proxy asp page that would actually call the service (to hide the actual url called).
How can I ensure that the proxy can only be called from the specific page?
The existing page is part of a site that's not on our server, so no changes can be made to IIS, etc.
Amendment
I'm adding a button to the 'Enter Address' page of an e-commerce service's site (this is in Classic ASP). The button executes a query to obtain details from a web service.
You can check the HTTP_REFERER variable from the Request.ServerVariables collection. Make sure this value matches the URL you want the request to come from.
This could still be spoofed, but is reasonably secure for most cases. Depends on how secure you need it to be.