Posting to another page question

Discussion in 'ASP .Net Security' started by Ivan Demkovitch, Sep 4, 2003.

  1. Hi!

    I have Portal application which is on http. However I like to do user
    authentication using SSL

    I like approach most sites use:

    They have

    <form name="loginForm" action="https://sss" method="post">
    ...

    I wonder how can I do "action" parameter dynamic from my ASP.NET ?

    Next question is how to actually read values when it gets posted to
    "https://sss"

    Another question is
    If I authenticated user and want to go to exactly same place user came
    from (original http://aaa) How do I get this address ?

    Also, I want to maintain same Session. All user credentials will be stored
    there.

    Is it correct approach to securing user login/password ?
     
    Ivan Demkovitch, Sep 4, 2003
    #1

  2. > I like approach most sites use:
    > They have
    > <form name="loginForm" action="https://sss" method="post">
    > I wonder how can I do "action" parameter dynamic from my ASP.NET ?


    You just need to remove the runat=server attribute from the form tag and you
    can do this. ASP.NET wraps an object oriented framework around these pages -
    so you define the variables and then use the same variables to access the
    data you collect in the postback. If you post to another page, you don't get
    to do this - you just iterate through the collections that are passed the
    same way you did 5 years ago. You can keep on doing it the old way (in which
    case you can no longer use web controls) but you may want to consider
    re-thinking the way you do things using this new paradigm. You might find
    that you like it better - I know that I certainly did, once I got used to
    it.

    --
    Chris Jackson
    Software Engineer
    Microsoft MVP - Windows XP
    Windows XP Associate Expert
    --
     
    Chris Jackson, Sep 4, 2003
    #2

  3. "Chris Jackson" <> wrote in message
    news:...
    > > I like approach most sites use:
    > > They have
    > > <form name="loginForm" action="https://sss" method="post">
    > > I wonder how can I do "action" parameter dynamic from my ASP.NET ?
    >
    > You just need to remove the runat=server attribute from the form tag and you
    > can do this.


    I don't have any

    > ASP.NET wraps an object oriented framework around these pages -
    > so you define the variables and then use the same variables to access the
    > data you collect in the postback. If you post to another page, you don't get
    > to do this - you just iterate through the collections that are passed the
    > same way you did 5 years ago.


    What collection? I wasn't in web dev 5 years ago...

    > want to consider
    > re-thinking the way you do things using this new paradigm. You might find
    > that you like it better - I know that I certainly did, once I got used to
    > it.


    I certainly want to do it right way.

    Here is my scenario:

    I have portal which does not have secure data right now. However, it allows
    user to setup preferences.
    Soon, I will be adding online store and want same users to be able use it. I
    need "Login" block on main page (which is not secure)
    From what I understand there is no built-in way for providing SSL for users
    other than redirecting post to different page (from secured place).

    In .NET I would have to create separate Login only page for this...

    Any other ideas on how this could be done?
     
    Ivan Demkovitch, Sep 4, 2003
    #3
  4. This isn't a problem that is unique to .NET - it's the same for any web site
    you develop. .NET is only the environment you use to program the server - it
    has no effect on what the client sees, which is still just plain old DHTML.

    If you want to have just the login page encrypted, you can post to an SSL
    page and make that happen. Alternately, if you want to simply have it post
    back to itself, you need to have that page itself using SSL. SSL is not
    something you provide - you simply need to have an https page on a certified
    server. There is no configuration of the page, per se, but simply a
    configuration of your server and where you place your files. Nothing is
    unique to .NET here - this is simply a function of how the technology works.

    Intro to SSL here:

    http://developer.netscape.com/docs/manuals/security/sslin/contents.htm


    --
    Chris Jackson
    Software Engineer
    Microsoft MVP - Windows XP
    Windows XP Associate Expert
    --
     
    Chris Jackson, Sep 5, 2003
    #4
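
An added example, not code from this thread: one way the https page that receives the post could read the form collection and send the user back, written as C# code-behind. The page name SecureLogin, the field names username, password and returnUrl, and the allow-listed host are assumptions, and FormsAuthentication.Authenticate stands in for the portal's own credential check.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Code-behind for a hypothetical SecureLogin.aspx, served only over https.
public class SecureLogin : Page
{
    // Hosts the browser may be sent back to (assumed: the portal's own host).
    private static readonly string[] AllowedHosts = { "ivand" };
    private const string DefaultPage = "http://ivand/ASPNET/Default.aspx";

    protected void Page_Load(object sender, EventArgs e)
    {
        // "The collections": posted fields are read by name from Request.Form.
        string user = Request.Form["username"];   // assumed field name
        string pass = Request.Form["password"];   // assumed field name
        string back = Request.Form["returnUrl"];  // assumed hidden field

        // Accept only a POST received over SSL that carries valid credentials.
        // Authenticate() is a stand-in that checks <credentials> in web.config.
        bool ok = Request.IsSecureConnection && Request.HttpMethod == "POST"
                  && user != null && pass != null
                  && FormsAuthentication.Authenticate(user, pass);
        if (!ok)
        {
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        // Same host and application means the same session cookie, but that
        // cookie also travels over plain http afterwards: store the identity
        // the http pages need, never the password.
        Session["UserName"] = user;
        Response.Redirect(IsAllowedReturnUrl(back) ? back : DefaultPage);
    }

    // Accept only absolute http/https URLs whose host is allow-listed, so a
    // tampered returnUrl cannot send the user to an arbitrary site.
    private static bool IsAllowedReturnUrl(string url)
    {
        Uri u;
        if (url == null || !Uri.TryCreate(url, UriKind.Absolute, out u)) return false;
        if (u.Scheme != Uri.UriSchemeHttp && u.Scheme != Uri.UriSchemeHttps) return false;
        return Array.IndexOf(AllowedHosts, u.Host.ToLowerInvariant()) >= 0;
    }
}
```

Taking the return address from a posted field and checking it against an allow-list avoids trusting the Referer header, which browsers may omit or alter.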
  5. Chris,

    Thank you for response.

    I managed to make it work. However I have following problem:

    1. Page posts to secured page fine (I assume user info is securely
    transmitted and I don't miss anything here)
    2. I have following code(in secured page):
    Response.Redirect ("http://ivand/ASPNET/Default.aspx");

    This is supposed to redirect me back to main page (Main page loads depending on
    security already saved in session)

    But I get warning: "You are about to be redirected to a connection that is
    not secure ...."

    I understand why, but is there any way to accomplish this without these
    messages ??
     
    Ivan Demkovitch, Sep 5, 2003
    #5