Webform does have validation to ensure that the data is being posted
to itself by checking a hash value in the viewstate.
However, I don't think posting to another webform will make your web
application less secure.
ASP.NET does have a few additional feature the makes it easier to
implement a secure web application. However, ASP.NET alone will not
make your website very secure. You will still need to have a secure
infrastructure that is independent of ASP.NET, such as using firewall,
intrusion detection system, SSL, machine configurations...
I think you will be able to port all your existing code from ASP to
ASP.NET without posting any new security risk to your system.
One questions I have is that how third page knows when the processing
of creating an AD user is complete? Does it pool the web server
constantly?
Tommy,
[quoted text, click to view] "Bill Smith" <no@spam.com> wrote in message news:<uWzHjtq#DHA.684@tk2msftngp13.phx.gbl>...
> I have a ASP webpage that creates user accounts. It currently use the format
> as follows.
>
> First Page:
> Input boxes that get Firstname and Lastname and Department etc.
> JavaScript Validation
> If correct posts information to Second Page
>
> Second Page:
> Makes a username, email address and displayname from given info then checks
> active directory to see if it exists. If it does exist it try's again until
> it finds a unused one.
> Then posts to third page:
>
> Third Page:
> Popup Window
> Displays the progress of creating the AD account and setting all the
> information.
> Once complete sends email and closes.
>
> I want to convert this to ASP.NET. The problem is I want to keep it very
> secure. Im reading I should posts each page to itself to get the most out of
> ASP.NET.
>
> Any ideas on the best way to go at this.
> Thanks
>
Posting back to the same page will probably be the best.
You could have everything on one page, but just hide what you don't
want the user to see. IIS will remember all the values for the hidden
fields but the user won't be able to see them.
You could also make three user controls, one for each page. It would
be just like above, but you would only have to show/hide the user
control instead of many input controls.
Hope this helps,
Neil
[quoted text, click to view] "Bill Smith" <no@spam.com> wrote in message news:<uWzHjtq#DHA.684@tk2msftngp13.phx.gbl>...
> I have a ASP webpage that creates user accounts. It currently use the format
> as follows.
>
> First Page:
> Input boxes that get Firstname and Lastname and Department etc.
> JavaScript Validation
> If correct posts information to Second Page
>
> Second Page:
> Makes a username, email address and displayname from given info then checks
> active directory to see if it exists. If it does exist it try's again until
> it finds a unused one.
> Then posts to third page:
>
> Third Page:
> Popup Window
> Displays the progress of creating the AD account and setting all the
> information.
> Once complete sends email and closes.
>
> I want to convert this to ASP.NET. The problem is I want to keep it very
> secure. Im reading I should posts each page to itself to get the most out of
> ASP.NET.
>
> Any ideas on the best way to go at this.
> Thanks
>
Bill
You don't need to post between pages but effectively put each old page onto
a panel control on one single new page. The next/back buttons will then
allow you to move backwards and forwards by turning on and off the different
panel controls on the same page. The information from one panel to the next
is stored within the view state of the page and does not appear in the url
string. If you need to be really careful you can store the view state on a
separate SQL server database or I believe(?) the session state on the
server. I don't know which option would be most appropriate for your
situation.
Its really very simple - create a test page, drag on a couple of panels, add
some text to each, and then alter the visible state of each panel using a
button and it will all become clear.
Martyn Fewtrell
http://www.networkclub.co.uk [quoted text, click to view] "Bill Smith" <no@spam.com> wrote in message
news:uWzHjtq%23DHA.684@tk2msftngp13.phx.gbl...
> I have a ASP webpage that creates user accounts. It currently use the
format
> as follows.
>
> First Page:
> Input boxes that get Firstname and Lastname and Department etc.
> JavaScript Validation
> If correct posts information to Second Page
>
> Second Page:
> Makes a username, email address and displayname from given info then
checks
> active directory to see if it exists. If it does exist it try's again
until
> it finds a unused one.
> Then posts to third page:
>
> Third Page:
> Popup Window
> Displays the progress of creating the AD account and setting all the
> information.
> Once complete sends email and closes.
>
> I want to convert this to ASP.NET. The problem is I want to keep it very
> secure. Im reading I should posts each page to itself to get the most out
of
> ASP.NET.
>
> Any ideas on the best way to go at this.
> Thanks
>
> Bill
>
>
Bill,
Browse this URL:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbtskpassingvaluesbetweenwebformspages.asp
This will explain you how to pass values from one page to another in aspx
pages.
This will help you check it out.
aRvind
[quoted text, click to view] "Bill Smith" <no@spam.com> wrote in message
news:uWzHjtq%23DHA.684@tk2msftngp13.phx.gbl...
> I have a ASP webpage that creates user accounts. It currently use the
format
> as follows.
>
> First Page:
> Input boxes that get Firstname and Lastname and Department etc.
> JavaScript Validation
> If correct posts information to Second Page
>
> Second Page:
> Makes a username, email address and displayname from given info then
checks
> active directory to see if it exists. If it does exist it try's again
until
> it finds a unused one.
> Then posts to third page:
>
> Third Page:
> Popup Window
> Displays the progress of creating the AD account and setting all the
> information.
> Once complete sends email and closes.
>
> I want to convert this to ASP.NET. The problem is I want to keep it very
> secure. Im reading I should posts each page to itself to get the most out
of
> ASP.NET.
>
> Any ideas on the best way to go at this.
> Thanks
>
> Bill
>
>
Don't see what you're looking for? Try a search.
