Multi Page ASPX

[Bill Smith]

I have a ASP webpage that creates user accounts. It currently use the format
as follows.

First Page:
Input boxes that get Firstname and Lastname and Department etc.
JavaScript Validation
If correct posts information to Second Page

Second Page:
Makes a username, email address and displayname from given info then checks
active directory to see if it exists. If it does exist it try's again until
it finds a unused one.
Then posts to third page:

Third Page:
Popup Window
Displays the progress of creating the AD account and setting all the
information.
Once complete sends email and closes.

I want to convert this to ASP.NET. The problem is I want to keep it very
secure. Im reading I should posts each page to itself to get the most out of
ASP.NET.

Any ideas on the best way to go at this.
Thanks

Bill

 

[Arvind P Rangan]

Bill,
Browse this URL:
http://msdn.microsoft.com/library/d...ml/vbtskpassingvaluesbetweenwebformspages.asp

This will explain you how to pass values from one page to another in aspx
pages.
This will help you check it out.
aRvind

 

[Martyn Fewtrell]

Bill

You don't need to post between pages but effectively put each old page onto
a panel control on one single new page. The next/back buttons will then
allow you to move backwards and forwards by turning on and off the different
panel controls on the same page. The information from one panel to the next
is stored within the view state of the page and does not appear in the url
string. If you need to be really careful you can store the view state on a
separate SQL server database or I believe(?) the session state on the
server. I don't know which option would be most appropriate for your
situation.

Its really very simple - create a test page, drag on a couple of panels, add
some text to each, and then alter the visible state of each panel using a
button and it will all become clear.

Martyn Fewtrell
http://www.networkclub.co.uk

 

[Tommy]

Webform does have validation to ensure that the data is being posted
to itself by checking a hash value in the viewstate.

However, I don't think posting to another webform will make your web
application less secure.

ASP.NET does have a few additional feature the makes it easier to
implement a secure web application. However, ASP.NET alone will not
make your website very secure. You will still need to have a secure
infrastructure that is independent of ASP.NET, such as using firewall,
intrusion detection system, SSL, machine configurations...

I think you will be able to port all your existing code from ASP to
ASP.NET without posting any new security risk to your system.

One questions I have is that how third page knows when the processing
of creating an AD user is complete? Does it pool the web server
constantly?

Tommy,

 

[nfedin]

Posting back to the same page will probably be the best.

You could have everything on one page, but just hide what you don't
want the user to see. IIS will remember all the values for the hidden
fields but the user won't be able to see them.

You could also make three user controls, one for each page. It would
be just like above, but you would only have to show/hide the user
control instead of many input controls.

Hope this helps,

Neil