Passing user from unsecure to secure domain in asp.net

Stephen Bartholomew

Hi All,

Firstly, apologies to anyone that notices the cross-post: i also
posted this in microsoft.publi c.dotnet.genera l earlier this week.

I have an ecommerce site that resides mainly on an unsecure server for
browsing the catalogue and only passes the user to a secure area when
its time checkout. The secure domain however is not located on the
same URL as the unsecure site - it is hosted on a virtual directory of
the ISP's secure domain.

The way i would have traditionally passed the user across to the
secure domain is by providing a POST form containing the users id as
well as a db stored, transfer string for security. The secure domain
application would then pick up the form values, verify the transfer
string and set up a new session on the secure domain.

However you cannot post away from a webform, as is the asp.net way.

Most of the advice when it comes to posting away from a web form is
that you shouldn't have to post away from a form, but i dont see
anyway around this.

I'm sure that i'm just not thinking about this in the right way and
there
is probably a simple answer - asp.net hasn't let me down yet!

I'd really appreciate any advice on this subject,

Thanks in advance,

Steve

Nov 18 '05 #1

Subscribe Reply

1499

Marina

Generally, most of the time you don't need to post anyplace else, each page
can handle its own data. However, this isn't a law.

In your situation it seems reasonable that you would want to post your data
to the secure site.

"Stephen Bartholomew" <de**@2404.co.u k> wrote in message
news:7d******** *************** ***@posting.goo gle.com...

Hi All,

Firstly, apologies to anyone that notices the cross-post: i also
posted this in microsoft.publi c.dotnet.genera l earlier this week.

I have an ecommerce site that resides mainly on an unsecure server for
browsing the catalogue and only passes the user to a secure area when
its time checkout. The secure domain however is not located on the
same URL as the unsecure site - it is hosted on a virtual directory of
the ISP's secure domain.

The way i would have traditionally passed the user across to the
secure domain is by providing a POST form containing the users id as
well as a db stored, transfer string for security. The secure domain
application would then pick up the form values, verify the transfer
string and set up a new session on the secure domain.

However you cannot post away from a webform, as is the asp.net way.

Most of the advice when it comes to posting away from a web form is
that you shouldn't have to post away from a form, but i dont see
anyway around this.

I'm sure that i'm just not thinking about this in the right way and
there
is probably a simple answer - asp.net hasn't let me down yet!

I'd really appreciate any advice on this subject,

Thanks in advance,

Steve

Nov 18 '05 #2

Stephen Bartholomew

Thanks for your responses.

Joe: I see what you're saying about multiple forms and the way you
mention is the technique i have used before. However as with most
things there are always multiple ways of doing things and i thought
that passing hidden data across servers/domains would have been
considered when developing asp.net.

I have, in the past, applied old techniques from my php days when
developing an application in asp.net, only to find out that there was
a much neater way of doing it.

I know it makes sense to just have client side forms outside of the
server-side form but you get into problems when:
o You have a form that, for display purposes, will fall inside the
server-side form
o You have a form that also contains a server side event controller

I'm sure there is a hack for getting around this; i found that
sticking a blank form (<form></form>) before the actual form will
enable following forms to post away from the page even if they are
inside the server-side form - that is of course just a tacky
work-around, not a solution.

Steve
"Joe Agster" <an*******@disc ussions.microso ft.com> wrote in message news:<94******* *************** ************@mi crosoft.com>...

Whoever told you that you cannot post away from the current page in ASP.NET doesn't know what they're talking about. Tell them to put down their "Beginner's Guide to ASP.NET" from Joe W. Coder and try some real world coding sometime.

The truth is that only server-side forms (as in <form runat=server>) can only post to the same page. You can have as many <form> tags as you want without the runat=server attribute on your page.

Think about all those sites that have small, search boxes in their sidebar along with a hugh contact form on the page. Most have handler pages that display search results.

Joe Agster
www.geekyfrog.com

Nov 18 '05 #3

Similar topics

12634

HOW TO FORCE PASSING A REFERER

by: Jonathan Driller | last post by:

I am attempting to block repeat downloads from a site. I need to have a landing page pass a referer to a secured page. I have tried a meta refresh redirect and several Javascript redirect strategies but none pass the referer. How can I force this since the referer property is read only? I have set up an .htaccess file so it will only let people into a secure directory if they come from an internal page on my site. This is done by...

Javascript

4819

Secure and Unsecure Web Directories using Forms Authentication

by: Billy Jacobs | last post by:

I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms Authentication set up and it worked just fine. Then I realized that I needed to have some pages unsecure. I then created 2 directories. One named Secure and the other named Public. I placed my web.config file in my

.NET Framework

1176

Passing user from unsecure to secure domain in asp.net

by: Stephen Bartholomew | last post by:

Hi All, I have an ecommerce site that resides mainly on an unsecure server for browsing the catalogue and only passes the user to a secure area when its time checkout. The secure domain however is not located on the same URL as the unsecure site - it is hosted on a virtual directory of the ISP's secure domain. The way i would have traditionally passed the user across to the secure domain is by providing a POST form containing the...

.NET Framework

3104

Network access from ASPNET user

by: Dave Kolb | last post by:

Is there any other solution for an ASPNET application to access network resources other than running as SYSTEM, using delegation (a nightmare to get to work) or the COM+ solution? I cannot seem to impersonate a user and obtain network credentials using the DuplicateTokenEx call with appropriate parameters even though the call seems to not fail. I check my identity has changed but can only still do local commands. I would consider...

ASP.NET

1911

Are ASP.NET user interfaces essentially dead now?

by: Rob R. Ainscough | last post by:

VS 2005 I have: ClickOnce deployment User's that hate and or don't want to use an IE Client (don't blame them) I don't see how ASPX web pages are going to survive? With .NET 2.0 and clickonce deployment my app is 427KB (even with modem dialup speed it doesn't take long to download) -- the user gets a very friendly secure WindowsForm app (most of them don't even notice they're not under IE anymore) that performs considerably faster than...

ASP.NET

1952

How to I prevent a user from running a module twice (i.e. online voting) ?

by: Al Dykes | last post by:

I've got a voting script that's a little too simple. I can vote as as many times as I can click on the link in my browser. I'n not trying to write an official voting system but I would like to do something as simple as catching the user's IP address and remembering it for a time interval. That has it's own problems, but it would at least prevent double clicks. I can get the IP #, but how do I store it on a server? I can do a flat file...

PHP

1901

Passing Information Between Two ASP.NET Websites

by: anewell | last post by:

I need to build website on my webserver which has information securely passed to it from a web site running on a client's webserver. My client has a website that has a secure login process running under SSL. When a user has succesfully logged into that website they will be able to follow a link to my website. As part of this link I need an id of the user to be passed to my website so I know who the user is, I do

ASP.NET

5003

Cookie problem! Getting error when passing the expire date.

by: paul | last post by:

HI! I keep on getting this error and I have tried different things but I am not sure how to send the expiring date. The error that I am getting in Firefox 1.5 is "Error: expires.toGMTString is not a function" ---------------------------------------------------- I have this in a .js file and in the head section.

Javascript

3738

using HTTP to download files from a secure (or unsecure) directory

by: Gina_Marano | last post by:

Hey All, I need to download 1 or more files from a secure or unsecure website folder using HTTP. Here is what I have so far: public void GetHTTPImages() { WebClient HTTPClient = new WebClient();

C# / C Sharp

1846

Issues passing cookies between apps on same box

by: =?Utf-8?B?QW5keQ==?= | last post by:

Hi, I'm having issues with what I'm *sure* is a simple problem. Basically having a problem passing a cookie between two sites. On Site A you sign in, and create a cookie with the users ID in it When the user wants to purchase anything (and enter CC details) we want to pass the user to the secure site, which is on the same server. Alas the cookie is not being picked up on the secure site. a) Both sites are on the same box

ASP.NET

8425

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8522

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8622

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

6177

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5647

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4173

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4333

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2745

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

1736

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General