Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Posting to another page question

Reply
Thread Tools

Posting to another page question

 
 
Ivan Demkovitch
Guest
Posts: n/a
 
      09-04-2003
Hi!

I have Portal application which is on http. However I like to do user
authentification using SSL

I like approach most sites use:

They have

<form name="loginForm" action="https://sss" method="post">
...

I wonder how can I do "action" parameter dinamic from my ASP.NET ?

Next question is how to actually read values when it get's posted to
"https://sss"

Another question is
If I authentificated user and want to go to exactly same place user came
from (original http://aaa) How do I get this address ?

Also, I want to maintain same Session. All user credentials will be stored
there.

Is it correct approach to securing user login/password ?




 
Reply With Quote
 
 
 
 
Chris Jackson
Guest
Posts: n/a
 
      09-04-2003
> I like approach most sites use:
> They have
> <form name="loginForm" action="https://sss" method="post">
> I wonder how can I do "action" parameter dinamic from my ASP.NET ?


You just need to remove the runat=server attribute from the form tag and you
can do this. ASP.NET wraps an object oriented framework around these pages -
so you define the variables and then use the same variables to access the
data you collect in the postback. If you post to another page, you don't get
to do this - you just iterate through the collections that are passed the
same way you did 5 years ago. You can keep on doing it the old way (in which
case you can no longer use web controls) but you may want to consider
re-thinking the way you do things using this new paradigm. You might find
that you like it better - I know that I certainly did, once I got used to
it.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--


 
Reply With Quote
 
 
 
 
Ivan Demkovitch
Guest
Posts: n/a
 
      09-04-2003

"Chris Jackson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> > I like approach most sites use:
> > They have
> > <form name="loginForm" action="https://sss" method="post">
> > I wonder how can I do "action" parameter dinamic from my ASP.NET ?

>
> You just need to remove the runat=server attribute from the form tag and

you
> can do this.


I don't have any

>ASP.NET wraps an object oriented framework around these pages -
> so you define the variables and then use the same variables to access the
> data you collect in the postback. If you post to another page, you don't

get
> to do this - you just iterate through the collections that are passed the
> same way you did 5 years ago.


What collection? I wasn't in web dev 5 years ago...

> want to consider
> re-thinking the way you do things using this new paradigm. You might find
> that you like it better - I know that I certainly did, once I got used to
> it.


I certanly want to do it right way.

Here is my scenario:

I have portal which does not have secure data right now. However, it allow
user to setup preferences.
Soon, I will be adding online store and want same users to be able use it. I
need "Login" block on main page (which is not secure)
From what I understand there is no build-in way for providing SSL for users
other then redirecting post to different page (from secured place).

In .NET I would have to create separate Login only page for this...

Any other ideas on how this could be done?










 
Reply With Quote
 
Chris Jackson
Guest
Posts: n/a
 
      09-05-2003
This isn't a problem that is unique to .NET - it's the same for any web site
you develop. .NET is only the environment you use to program the server - it
has no effect on what the client sees, which is still just plain old DHTML.

If you want to have just the login page encrypted, you can post to an SSL
page and make that happen. Alternately, if you want to simply have it post
back to itself, you need to have that page itself using SSL. SSL is not
something you provide - you simply need to have an https page on a certified
server. There is no configuration of the page, per se, but simply a
configuration of your server and where you place your files. Nothing is
unique to .NET here - this is simply a function of how the technology works.

Intro to SSL here:

http://developer.netscape.com/docs/m...n/contents.htm


--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
"Ivan Demkovitch" <i@d> wrote in message
news:(E-Mail Removed)...
>
> "Chris Jackson" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > > I like approach most sites use:
> > > They have
> > > <form name="loginForm" action="https://sss" method="post">
> > > I wonder how can I do "action" parameter dinamic from my ASP.NET ?

> >
> > You just need to remove the runat=server attribute from the form tag and

> you
> > can do this.

>
> I don't have any
>
> >ASP.NET wraps an object oriented framework around these pages -
> > so you define the variables and then use the same variables to access

the
> > data you collect in the postback. If you post to another page, you don't

> get
> > to do this - you just iterate through the collections that are passed

the
> > same way you did 5 years ago.

>
> What collection? I wasn't in web dev 5 years ago...
>
> > want to consider
> > re-thinking the way you do things using this new paradigm. You might

find
> > that you like it better - I know that I certainly did, once I got used

to
> > it.

>
> I certanly want to do it right way.
>
> Here is my scenario:
>
> I have portal which does not have secure data right now. However, it allow
> user to setup preferences.
> Soon, I will be adding online store and want same users to be able use it.

I
> need "Login" block on main page (which is not secure)
> From what I understand there is no build-in way for providing SSL for

users
> other then redirecting post to different page (from secured place).
>
> In .NET I would have to create separate Login only page for this...
>
> Any other ideas on how this could be done?
>
>
>
>
>
>
>
>
>
>



 
Reply With Quote
 
Ivan Demkovitch
Guest
Posts: n/a
 
      09-05-2003
Chris,

Thank you for response.

I managed to make it work. However I have following problem:

1. Page posts to secured page fine (I assume user info is securely
transmitted and I don't miss anything here)
2. I have following code(in secured page):
Response.Redirect ("http://ivand/ASPNET/Default.aspx");

This suppose to redirect me back to main page (Main page load's depending on
security already saved in session)

But I get warning: "You are about to be redirected to a connection that is
not secure ...."

I understand why, but is there is any way to accomplish this without this
messages ??




"Chris Jackson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> This isn't a problem that is unique to .NET - it's the same for any web

site
> you develop. .NET is only the environment you use to program the server -

it
> has no effect on what the client sees, which is still just plain old

DHTML.
>
> If you want to have just the login page encrypted, you can post to an SSL
> page and make that happen. Alternately, if you want to simply have it post
> back to itself, you need to have that page itself using SSL. SSL is not
> something you provide - you simply need to have an https page on a

certified
> server. There is no configuration of the page, per se, but simply a
> configuration of your server and where you place your files. Nothing is
> unique to .NET here - this is simply a function of how the technology

works.
>
> Intro to SSL here:
>
> http://developer.netscape.com/docs/m...n/contents.htm
>
>
> --
> Chris Jackson
> Software Engineer
> Microsoft MVP - Windows XP
> Windows XP Associate Expert
> --
> "Ivan Demkovitch" <i@d> wrote in message
> news:(E-Mail Removed)...
> >
> > "Chris Jackson" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > > I like approach most sites use:
> > > > They have
> > > > <form name="loginForm" action="https://sss" method="post">
> > > > I wonder how can I do "action" parameter dinamic from my ASP.NET ?
> > >
> > > You just need to remove the runat=server attribute from the form tag

and
> > you
> > > can do this.

> >
> > I don't have any
> >
> > >ASP.NET wraps an object oriented framework around these pages -
> > > so you define the variables and then use the same variables to access

> the
> > > data you collect in the postback. If you post to another page, you

don't
> > get
> > > to do this - you just iterate through the collections that are passed

> the
> > > same way you did 5 years ago.

> >
> > What collection? I wasn't in web dev 5 years ago...
> >
> > > want to consider
> > > re-thinking the way you do things using this new paradigm. You might

> find
> > > that you like it better - I know that I certainly did, once I got used

> to
> > > it.

> >
> > I certanly want to do it right way.
> >
> > Here is my scenario:
> >
> > I have portal which does not have secure data right now. However, it

allow
> > user to setup preferences.
> > Soon, I will be adding online store and want same users to be able use

it.
> I
> > need "Login" block on main page (which is not secure)
> > From what I understand there is no build-in way for providing SSL for

> users
> > other then redirecting post to different page (from secured place).
> >
> > In .NET I would have to create separate Login only page for this...
> >
> > Any other ideas on how this could be done?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
URL Posting Fails in Medium Trust (3rd time posting this w/ zero replies so far) AmitKu ASP .Net 7 01-08-2007 07:31 PM
Top Posting vs. Bottom Posting scaredkitty Computer Support 37 04-06-2005 12:27 AM
Question about posting data from one page to another page =?Utf-8?B?ZWpz?= ASP .Net 2 11-04-2004 12:49 PM
Everytime I hover cursro over a posting, it crosses out with red mark on it.. on every posting alanb ASP .Net 2 04-23-2004 02:23 PM
Posting to another page question Ivan Demkovitch ASP .Net 4 09-05-2003 07:31 PM



Advertisments