Posting to another page question

  • Thread starter Thread starter Ivan Demkovitch
  • Start date Start date
I

Ivan Demkovitch

Hi!

I have Portal application which is on http. However I like to do user
authentification using SSL

I like approach most sites use:

They have

<form name="loginForm" action="https://sss" method="post">
...

I wonder how can I do "action" parameter dinamic from my ASP.NET ?

Next question is how to actually read values when it get's posted to
"https://sss"

Another question is
If I authentificated user and want to go to exactly same place user came
from (original http://aaa) How do I get this address ?

Also, I want to maintain same Session. All user credentials will be stored
there.

Is it correct approach to securing user login/password ?
 
I like approach most sites use:
They have
<form name="loginForm" action="https://sss" method="post">
I wonder how can I do "action" parameter dinamic from my ASP.NET ?
Click to expand...

You just need to remove the runat=server attribute from the form tag and you
can do this. ASP.NET wraps an object oriented framework around these pages -
so you define the variables and then use the same variables to access the
data you collect in the postback. If you post to another page, you don't get
to do this - you just iterate through the collections that are passed the
same way you did 5 years ago. You can keep on doing it the old way (in which
case you can no longer use web controls) but you may want to consider
re-thinking the way you do things using this new paradigm. You might find
that you like it better - I know that I certainly did, once I got used to
it.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
 
Chris Jackson said:
You just need to remove the runat=server attribute from the form tag and you
can do this.
Click to expand...

I don't have any
ASP.NET wraps an object oriented framework around these pages -
so you define the variables and then use the same variables to access the
data you collect in the postback. If you post to another page, you don't get
to do this - you just iterate through the collections that are passed the
same way you did 5 years ago.
Click to expand...

What collection? I wasn't in web dev 5 years ago...
want to consider
re-thinking the way you do things using this new paradigm. You might find
that you like it better - I know that I certainly did, once I got used to
it.
Click to expand...

I certanly want to do it right way.

Here is my scenario:

I have portal which does not have secure data right now. However, it allow
user to setup preferences.
Soon, I will be adding online store and want same users to be able use it. I
need "Login" block on main page (which is not secure)
From what I understand there is no build-in way for providing SSL for users
other then redirecting post to different page (from secured place).

In .NET I would have to create separate Login only page for this...

Any other ideas on how this could be done?
 
This isn't a problem that is unique to .NET - it's the same for any web site
you develop. .NET is only the environment you use to program the server - it
has no effect on what the client sees, which is still just plain old DHTML.

If you want to have just the login page encrypted, you can post to an SSL
page and make that happen. Alternately, if you want to simply have it post
back to itself, you need to have that page itself using SSL. SSL is not
something you provide - you simply need to have an https page on a certified
server. There is no configuration of the page, per se, but simply a
configuration of your server and where you place your files. Nothing is
unique to .NET here - this is simply a function of how the technology works.

Intro to SSL here:

http://developer.netscape.com/docs/manuals/security/sslin/contents.htm


--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
 
Chris,

Thank you for response.

I managed to make it work. However I have following problem:

1. Page posts to secured page fine (I assume user info is securely
transmitted and I don't miss anything here)
2. I have following code(in secured page):
Response.Redirect ("http://ivand/ASPNET/Default.aspx");

This suppose to redirect me back to main page (Main page load's depending on
security already saved in session)

But I get warning: "You are about to be redirected to a connection that is
not secure ...."

I understand why, but is there is any way to accomplish this without this
messages ??
 
Back
Top