Server.Transfer () and authorization

Mike Placentra II

Hi. When using Server.Transfer () to switch the request to a specific
web form (as opposed to a class implementing IHttpHandler, if it makes
any difference), do I have to do something special to have
Request.IsAutho rized set properly?

When searching for a solution I read that Server.Transfer () does not
invoke the AuthorizeReques t event or something. Is there maybe a way
to make that happen since the request is being transferred to a web
form?

My reasons for not using Response.Redire ct() are not just cosmetic,
but otherwise I would have switched to that already.

Thanks,
-Mike Placentra II

Dec 20 '07 #1

Subscribe Reply

1640

Michael Nemtsev [MVP]

Hello Mike,

yep, you are right, Server.Transfer doesnt support authorization and u need
to use Response.Redire ct
or check authorization manually before making transfer

---
WBR,
Michael Nemtsev [.NET/C# MVP] :: blog: http://spaces.live.com/laflour

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo
MPHi. When using Server.Transfer () to switch the request to a specific
MPweb form (as opposed to a class implementing IHttpHandler, if it
MPmakes any difference), do I have to do something special to have
MPRequest.IsAut horized set properly?
MP>
MPWhen searching for a solution I read that Server.Transfer () does not
MPinvoke the AuthorizeReques t event or something. Is there maybe a way
MPto make that happen since the request is being transferred to a web
MPform?
MP>
MPMy reasons for not using Response.Redire ct() are not just cosmetic,
MPbut otherwise I would have switched to that already.
MP>
MPThanks,
MP-Mike Placentra II

Dec 20 '07 #2

Alexey Smirnov

On Dec 20, 3:51 am, Mike Placentra II
<nothingsorigin alontheinter... @gmail.comwrote :

Hi. When using Server.Transfer () to switch the request to a specific
web form (as opposed to a class implementing IHttpHandler, if it makes
any difference), do I have to do something special to have
Request.IsAutho rized set properly?

When searching for a solution I read that Server.Transfer () does not
invoke the AuthorizeReques t event or something. Is there maybe a way
to make that happen since the request is being transferred to a web
form?

My reasons for not using Response.Redire ct() are not just cosmetic,
but otherwise I would have switched to that already.

Thanks,
-Mike Placentra II

Quote: http://msdn2.microsoft.com/en-us/lib...xx(vs.80).aspx

ASP.NET does not verify that the current user is authorized to view
the resource that is delivered by the Transfer method. Although the
ASP.NET authorization and authentication logic runs before the
original resource handler is called, ASP.NET directly calls the
handler indicated by the Transfer method and does not rerun
authentication and authorization logic for the new resource. If the
security policy for your application requires clients to have proper
authorization to access the resource, the application should force
reauthorization or provide a custom access-control mechanism.

You can force reauthorization by using the Redirect method instead of
the Transfer method. The Redirect method performs a client-side
redirect in which the browser requests the new resource. Because this
redirect is a new request entering the system, it is subjected to all
the authentication and authorization logic of both the IIS and ASP.NET
security policy.

You can verify that the user has permission to view the resource by
incorporating a custom authorization method that uses the IsInRole
method before the application calls the Transfer method.

Dec 20 '07 #3

Similar topics

5389

Server Error in '/' Application. -> web.config

by: tommy | last post by:

hello everbody, i write a little asp-application with forms-authentication. i copy my aspx-files with web.config to my webspace and i get the error above... i tried to set the custom-errors-tag ="off" but nothing happens.... what is my failure????

ASP.NET

375

Server Error in '/' Application.

by: Sean | last post by:

HI There, I am having trouble deploying my .aspx pages to a remote server, I have made changes to the config file and it still returns an error. I have also contacted the server administrator to create an application in IIS, what other checks can I make? Sean !-- error mesage

ASP.NET

807

HTTP/1.1 500 Internal Server Error

by: Niranjan Roy | last post by:

When trying to create Web application project from inside my Visual Studio.Net, I am getting the following error: --------------------------- Microsoft Development Environment --------------------------- The Web server reported the following error when attempting to create or

ASP.NET

1287

Server Transfer To Windows Forms Authenticated Application

by: Ryan | last post by:

Hello, I am having a really strange issue, I have folder containing an ASP.NET application. (The folder's name is Web) The root directory of the whole site I have an Index.aspx page that contains: <% Server.Transfer("Web\Default.aspx") %>

ASP.NET

12516

Calling a Web Service hosted on a Web Logic server from a C# SOAP client

by: Nate | last post by:

We are attempting to make a request to a web service (we will refer to it as XXXServices) hosted on a Web Logic server from a C# SOAP client. The server responds with a 401 Unauthorized error (that appears in plain text), and causes the client to crash. This C# code has been deployed both as an ASP.NET application and a WinForms app, each of which produced the same result. Further, moving the clients from a Windows XP machine to Windows...

.NET Framework

2913

Is There a Client/Server Version of Access ?

by: B1ackwater | last post by:

We've fooled around with Access a bit, but only using the single-user store-bought version. It seems to be a good database - versatile and infinitely programmable - and can apparently be used as a front end to SQL server if we ever needed to go that route. But - is there a client/server version of Access ? Looking on the CDW site there is a bewildering variety of packages and licences and such, but we can't figure out just which do...

Microsoft Access / VBA

6956

Download the JAVA , .NET and SQL Server interview with answers

by: Jobs | last post by:

Download the JAVA , .NET and SQL Server interview with answers Download the JAVA , .NET and SQL Server interview sheet and rate yourself. This will help you judge yourself are you really worth of attending interviews. If you own a company best way to judge if the candidate is worth of it. http://www.questpond.com/InterviewRatingSheet.zip

C# / C Sharp

3407

Sun Java System Directory Server Authentication

by: troywalker | last post by:

I am new to LDAP and Directory Services, and I have a project that requires me to authenticate users against a Sun Java System Directory Server in order to access the application. I have found dozens of examples of how to authenticate users against Active Directory, but AD seems to be a different animal than Sun Java System Directory Server. Could someone provide me with an example of how to authenticate a user against a Directory...

C# / C Sharp

8686

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

9173

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

9033

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8911

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8882

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

6533

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5872

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4375

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

2009

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General