By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,028 Members | 1,784 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,028 IT Pros & Developers. It's quick & easy.

Passing user from unsecure to secure domain in asp.net

P: n/a
Hi All,

Firstly, apologies to anyone that notices the cross-post: i also
posted this in microsoft.public.dotnet.general earlier this week.

I have an ecommerce site that resides mainly on an unsecure server for
browsing the catalogue and only passes the user to a secure area when
its time checkout. The secure domain however is not located on the
same URL as the unsecure site - it is hosted on a virtual directory of
the ISP's secure domain.

The way i would have traditionally passed the user across to the
secure domain is by providing a POST form containing the users id as
well as a db stored, transfer string for security. The secure domain
application would then pick up the form values, verify the transfer
string and set up a new session on the secure domain.

However you cannot post away from a webform, as is the asp.net way.

Most of the advice when it comes to posting away from a web form is
that you shouldn't have to post away from a form, but i dont see
anyway around this.

I'm sure that i'm just not thinking about this in the right way and
there
is probably a simple answer - asp.net hasn't let me down yet!

I'd really appreciate any advice on this subject,

Thanks in advance,

Steve
Nov 18 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Generally, most of the time you don't need to post anyplace else, each page
can handle its own data. However, this isn't a law.

In your situation it seems reasonable that you would want to post your data
to the secure site.

"Stephen Bartholomew" <de**@2404.co.uk> wrote in message
news:7d**************************@posting.google.c om...
Hi All,

Firstly, apologies to anyone that notices the cross-post: i also
posted this in microsoft.public.dotnet.general earlier this week.

I have an ecommerce site that resides mainly on an unsecure server for
browsing the catalogue and only passes the user to a secure area when
its time checkout. The secure domain however is not located on the
same URL as the unsecure site - it is hosted on a virtual directory of
the ISP's secure domain.

The way i would have traditionally passed the user across to the
secure domain is by providing a POST form containing the users id as
well as a db stored, transfer string for security. The secure domain
application would then pick up the form values, verify the transfer
string and set up a new session on the secure domain.

However you cannot post away from a webform, as is the asp.net way.

Most of the advice when it comes to posting away from a web form is
that you shouldn't have to post away from a form, but i dont see
anyway around this.

I'm sure that i'm just not thinking about this in the right way and
there
is probably a simple answer - asp.net hasn't let me down yet!

I'd really appreciate any advice on this subject,

Thanks in advance,

Steve

Nov 18 '05 #2

P: n/a
Thanks for your responses.

Joe: I see what you're saying about multiple forms and the way you
mention is the technique i have used before. However as with most
things there are always multiple ways of doing things and i thought
that passing hidden data across servers/domains would have been
considered when developing asp.net.

I have, in the past, applied old techniques from my php days when
developing an application in asp.net, only to find out that there was
a much neater way of doing it.

I know it makes sense to just have client side forms outside of the
server-side form but you get into problems when:
o You have a form that, for display purposes, will fall inside the
server-side form
o You have a form that also contains a server side event controller

I'm sure there is a hack for getting around this; i found that
sticking a blank form (<form></form>) before the actual form will
enable following forms to post away from the page even if they are
inside the server-side form - that is of course just a tacky
work-around, not a solution.

Steve
"Joe Agster" <an*******@discussions.microsoft.com> wrote in message news:<94**********************************@microso ft.com>...
Whoever told you that you cannot post away from the current page in ASP.NET doesn't know what they're talking about. Tell them to put down their "Beginner's Guide to ASP.NET" from Joe W. Coder and try some real world coding sometime.

The truth is that only server-side forms (as in <form runat=server>) can only post to the same page. You can have as many <form> tags as you want without the runat=server attribute on your page.

Think about all those sites that have small, search boxes in their sidebar along with a hugh contact form on the page. Most have handler pages that display search results.

Joe Agster
www.geekyfrog.com

Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.