
how to control the redirection

hi

newbie in web design I got some issue concerning a secure redirection
between 2 pages

let say I have a page with a grid (the 'master' page)
in this grid I can select a record, get its pk
then I redirect to another page (the 'detail' page) with the pk as
parameter

like : Response.Redirect("~/details.aspx?idKit=mypk")

during the detail page loading, the idKit is processed to load or create the
detail records according to the idKit value
(in fact there can be other optional parameters)

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

        If Not Page.IsPostBack Then

            ' No idKit supplied: refuse access
            If IsNothing(Request.Params("idKit")) Then
                Response.Redirect("~/erreur/NoAccess.htm")
            End If

            ' Remember the calling page so we can redirect back afterwards
            hfURL.Value = Request.ServerVariables("HTTP_REFERER")

            ' Keep the primary key received with the request
            hfKit.Value = Request.Params("idKit")

            ' ...... some processing

        End If

    End Sub

So nothing special, except that one can access the 'detail' page manually and
directly with "../details.aspx?idKit=x"

if "x" exists as a pk in the master table, he will be able to modify/create
details records without any control

I would like to know if there is a simple way to control this redirection
problem

one more problem : this "detail" page is a generic page that is called by
many "master" pages so we can't test the calling page url
the master page url is simply saved and used to know where to redirect back
after the details processing

I would like to know if there is a simple way to control the redirection to know
if the access to the detail page (and the parameter) is legal

thanks a lot


Nov 3 '06 #1
Try using Server.Transfer(URL);

if you want to pass variables to that page, use the context object.

Context.Items.Add("IdKit", "x");

Then on the destination page, use Context.Items("IdKit") to retrieve
the value.

Nov 3 '06 #2
thanks

Nov 3 '06 #3
wow that's very nice

with Server.Transfer(url) it seems easy to disallow direct access for some
pages, or am I doing it wrong?

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

        If Not Page.IsPostBack Then
            ' Compare the referrer with the current URL; send to the error page when they differ
            If Request.ServerVariables("HTTP_REFERER").ToString <> Request.Url.ToString Then
                Response.Redirect("~/erreur/NoAccess.htm")
            End If
        End If
        ' .....

    End Sub

Nov 3 '06 #4
Something I always do for anything that could be edited on a server, I
implement a membership system. That way I can associate a record with a
particular user(s) and I pass the user's id to my stored procedure along
with the primary key. If there's a match, in other words if the user account
has permission to access it, then I'll return results and can populate edit
forms. I do the same for updates as well, ensure that the user has the
ability to make the updates before actually updating. At least ASP.Net has
most of the membership functionality you could want easily available now.

--
Hope this helps,
Mark Fitzpatrick
Former Microsoft FrontPage MVP 199?-2006

Nov 3 '06 #5
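
The per-user check described in the last reply, sketched as an added example (it is not code from any poster in this thread): the detail page verifies on every request that the signed-in user is associated with the requested idKit, so it no longer matters whether the page was reached by redirect, transfer or a typed URL. The class name Details, the table Kit(idKit, OwnerUserId), the connection string name "AppDb" and the Guid user key are assumptions; hfKit and NoAccess.htm come from the original post.

```vbnet
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web.Security

Partial Class Details
    Inherits System.Web.UI.Page

    ' True only when the signed-in user is linked to this kit.
    ' Table Kit(idKit, OwnerUserId) and "AppDb" are assumed names.
    Private Function UserMayAccessKit(ByVal idKit As Integer) As Boolean
        If Not Request.IsAuthenticated Then Return False
        Dim user As MembershipUser = Membership.GetUser()
        If user Is Nothing Then Return False

        Dim cs As String = ConfigurationManager.ConnectionStrings("AppDb").ConnectionString
        Using cn As New SqlConnection(cs)
            ' Parameterized query: the key and the user id are never concatenated into SQL.
            Using cmd As New SqlCommand("SELECT COUNT(*) FROM Kit WHERE idKit = @idKit AND OwnerUserId = @userId", cn)
                cmd.Parameters.Add("@idKit", SqlDbType.Int).Value = idKit
                cmd.Parameters.Add("@userId", SqlDbType.UniqueIdentifier).Value = CType(user.ProviderUserKey, Guid)
                cn.Open()
                Return CInt(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim idKit As Integer
        ' Runs on first load and on every postback, so edits and inserts are
        ' covered too. A missing or non-numeric key is rejected the same way.
        If Not Integer.TryParse(Request.QueryString("idKit"), idKit) OrElse Not UserMayAccessKit(idKit) Then
            Response.Redirect("~/erreur/NoAccess.htm", True)
        End If

        If Not Page.IsPostBack Then
            ' The hidden field is for display/round-trip only; later handlers
            ' should use the re-validated key, not the posted hfKit value.
            hfKit.Value = idKit.ToString()
            ' ... load the detail records for idKit
        End If
    End Sub
End Class
```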
