Request.IsLocal

Unless someone manipulates your TCP stack it is fully trustable.

it basically is an analysis of the network stack from the IIS layer on whether the request originated locally - most likely by coming from a 127.0.0.x address (yes, localhost is the whole at that time C network, not just 127.0.0.1).

There is no way to establish a TCp connection with a fake origin, so this data can be trusted.

http://forums.asp.net/t/1065813.aspx/1

indicates via decompiling it checks on 127.0.0.1 and ::1 - both are the common localhost addresses.

Again, and still, this is totally not fakeable unless you manipualte the network stack or the .net framework classes.