| Groups | Blog | Home |
asp.net security : Posting to another page question
Hi!
I have Portal application which is on http. However I like to do user authentification using SSL I like approach most sites use: They have <form name="loginForm" action="https://sss" method="post"> ... I wonder how can I do "action" parameter dinamic from my ASP.NET ? Next question is how to actually read values when it get's posted to "https://sss" Another question is If I authentificated user and want to go to exactly same place user came from (original http://aaa) How do I get this address ? Also, I want to maintain same Session. All user credentials will be stored there. Is it correct approach to securing user login/password ?
[quoted text, click to view] "Chris Jackson" <chrisj@mvps.org> wrote in message news:egcrz1ycDHA.1880@TK2MSFTNGP10.phx.gbl... > > I like approach most sites use: > > They have > > <form name="loginForm" action="https://sss" method="post"> > > I wonder how can I do "action" parameter dinamic from my ASP.NET ? > > You just need to remove the runat=server attribute from the form tag and you > can do this. I don't have any [quoted text, click to view] >ASP.NET wraps an object oriented framework around these pages - > so you define the variables and then use the same variables to access the > data you collect in the postback. If you post to another page, you don't get > to do this - you just iterate through the collections that are passed the > same way you did 5 years ago. What collection? I wasn't in web dev 5 years ago... [quoted text, click to view] > want to consider > re-thinking the way you do things using this new paradigm. You might find > that you like it better - I know that I certainly did, once I got used to > it. I certanly want to do it right way. Here is my scenario: I have portal which does not have secure data right now. However, it allow user to setup preferences. Soon, I will be adding online store and want same users to be able use it. I need "Login" block on main page (which is not secure) From what I understand there is no build-in way for providing SSL for users other then redirecting post to different page (from secured place). In .NET I would have to create separate Login only page for this... Any other ideas on how this could be done?
[quoted text, click to view]
> I like approach most sites use: > They have > <form name="loginForm" action="https://sss" method="post"> > I wonder how can I do "action" parameter dinamic from my ASP.NET ? You just need to remove the runat=server attribute from the form tag and you can do this. ASP.NET wraps an object oriented framework around these pages - so you define the variables and then use the same variables to access the data you collect in the postback. If you post to another page, you don't get to do this - you just iterate through the collections that are passed the same way you did 5 years ago. You can keep on doing it the old way (in which case you can no longer use web controls) but you may want to consider re-thinking the way you do things using this new paradigm. You might find that you like it better - I know that I certainly did, once I got used to it. -- Chris Jackson Software Engineer Microsoft MVP - Windows XP Windows XP Associate Expert --
This isn't a problem that is unique to .NET - it's the same for any web site
you develop. .NET is only the environment you use to program the server - it has no effect on what the client sees, which is still just plain old DHTML. If you want to have just the login page encrypted, you can post to an SSL page and make that happen. Alternately, if you want to simply have it post back to itself, you need to have that page itself using SSL. SSL is not something you provide - you simply need to have an https page on a certified server. There is no configuration of the page, per se, but simply a configuration of your server and where you place your files. Nothing is unique to .NET here - this is simply a function of how the technology works. Intro to SSL here: http://developer.netscape.com/docs/manuals/security/sslin/contents.htm -- Chris Jackson Software Engineer Microsoft MVP - Windows XP Windows XP Associate Expert -- [quoted text, click to view] "Ivan Demkovitch" <i@d> wrote in message news:O5e1p7ycDHA.1728@TK2MSFTNGP09.phx.gbl... > > "Chris Jackson" <chrisj@mvps.org> wrote in message > news:egcrz1ycDHA.1880@TK2MSFTNGP10.phx.gbl... > > > I like approach most sites use: > > > They have > > > <form name="loginForm" action="https://sss" method="post"> > > > I wonder how can I do "action" parameter dinamic from my ASP.NET ? > > > > You just need to remove the runat=server attribute from the form tag and > you > > can do this. > > I don't have any > > >ASP.NET wraps an object oriented framework around these pages - > > so you define the variables and then use the same variables to access the > > data you collect in the postback. If you post to another page, you don't > get > > to do this - you just iterate through the collections that are passed the > > same way you did 5 years ago. > > What collection? I wasn't in web dev 5 years ago... > > > want to consider > > re-thinking the way you do things using this new paradigm. You might find > > that you like it better - I know that I certainly did, once I got used to > > it. > > I certanly want to do it right way. > > Here is my scenario: > > I have portal which does not have secure data right now. However, it allow > user to setup preferences. > Soon, I will be adding online store and want same users to be able use it. I > need "Login" block on main page (which is not secure) > From what I understand there is no build-in way for providing SSL for users > other then redirecting post to different page (from secured place). > > In .NET I would have to create separate Login only page for this... > > Any other ideas on how this could be done? > > > > > > > > > >
Chris,
Thank you for response. I managed to make it work. However I have following problem: 1. Page posts to secured page fine (I assume user info is securely transmitted and I don't miss anything here) 2. I have following code(in secured page): Response.Redirect ("http://ivand/ASPNET/Default.aspx"); This suppose to redirect me back to main page (Main page load's depending on security already saved in session) But I get warning: "You are about to be redirected to a connection that is not secure ...." I understand why, but is there is any way to accomplish this without this messages ?? [quoted text, click to view] "Chris Jackson" <chrisj@mvps.org> wrote in message news:e3MlU17cDHA.2960@tk2msftngp13.phx.gbl... > This isn't a problem that is unique to .NET - it's the same for any web site > you develop. .NET is only the environment you use to program the server - it > has no effect on what the client sees, which is still just plain old DHTML. > > If you want to have just the login page encrypted, you can post to an SSL > page and make that happen. Alternately, if you want to simply have it post > back to itself, you need to have that page itself using SSL. SSL is not > something you provide - you simply need to have an https page on a certified > server. There is no configuration of the page, per se, but simply a > configuration of your server and where you place your files. Nothing is > unique to .NET here - this is simply a function of how the technology works. > > Intro to SSL here: > > http://developer.netscape.com/docs/manuals/security/sslin/contents.htm > > > -- > Chris Jackson > Software Engineer > Microsoft MVP - Windows XP > Windows XP Associate Expert > -- > "Ivan Demkovitch" <i@d> wrote in message > news:O5e1p7ycDHA.1728@TK2MSFTNGP09.phx.gbl... > > > > "Chris Jackson" <chrisj@mvps.org> wrote in message > > news:egcrz1ycDHA.1880@TK2MSFTNGP10.phx.gbl... > > > > I like approach most sites use: > > > > They have > > > > <form name="loginForm" action="https://sss" method="post"> > > > > I wonder how can I do "action" parameter dinamic from my ASP.NET ? > > > > > > You just need to remove the runat=server attribute from the form tag and > > you > > > can do this. > > > > I don't have any > > > > >ASP.NET wraps an object oriented framework around these pages - > > > so you define the variables and then use the same variables to access > the > > > data you collect in the postback. If you post to another page, you don't > > get > > > to do this - you just iterate through the collections that are passed > the > > > same way you did 5 years ago. > > > > What collection? I wasn't in web dev 5 years ago... > > > > > want to consider > > > re-thinking the way you do things using this new paradigm. You might > find > > > that you like it better - I know that I certainly did, once I got used > to > > > it. > > > > I certanly want to do it right way. > > > > Here is my scenario: > > > > I have portal which does not have secure data right now. However, it allow > > user to setup preferences. > > Soon, I will be adding online store and want same users to be able use it. > I > > need "Login" block on main page (which is not secure) > > From what I understand there is no build-in way for providing SSL for > users > > other then redirecting post to different page (from secured place). > > > > In .NET I would have to create separate Login only page for this... > > > > Any other ideas on how this could be done? > > > > > > > > > > > > > > > > > > > > > >
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |