You cannot.
An HTTP request is an HTTP request and a manually constructed one can look however the user wants it to (so while you can shove hidden fields, cookies and so on into the requirements for a request, they can always be replicated manually).
Use authentication/authorization and worry about who is sending the data, not what.