473,513 Members | 2,266 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Navigation and security location.href and server.transfer

Hi,

Is there any difference in handling the site navigation by using
location.href or by using server.transfer?

window.location.href = '<%=Response.ApplyAppPathModifier("~/MyAccount.aspx")
%>';

or

Server.Transfer(Response.ApplyAppPathModifier("~/MyAccount.aspx"))

What's the difference? Is there a difference in security when using Forms
authentication or Windows Authentication is security affected by using
location.href or server.transfer?

Thanks in advance,

Richard
Jun 22 '07 #1
2 4546
using location causes are parse of the page then a request for the new
page. you should use redirect instead as this is just a header.
server transfer does not cause a second request, its just a way to pass
control from one page class instance to another. its main disadvantages
are the url in the browser does not match, and a refresh causes a
postback (with waring).

forms authentication uses a cookie or munged url to pass an
authentication token. if you don't use ssl, then it can hijacked with a
sniffer. with ssl it can be hijacked if the computer has shared access.

windows authentication is more secure. every page is authenticated with
challenge/response dialog. unless the password is short, its very hard
to break. the main disadvantage is some proxies don't support it and its
more chatty.

kerberos has the advantages of windows authentication, wider support and
allows credentials forwarding.
-- bruce (sqlwork.com)
Richard wrote:
Hi,

Is there any difference in handling the site navigation by using
location.href or by using server.transfer?

window.location.href = '<%=Response.ApplyAppPathModifier("~/MyAccount.aspx")
%>';

or

Server.Transfer(Response.ApplyAppPathModifier("~/MyAccount.aspx"))

What's the difference? Is there a difference in security when using Forms
authentication or Windows Authentication is security affected by using
location.href or server.transfer?

Thanks in advance,

Richard
Jun 22 '07 #2
Thanks, great explanation by Bruce. I forgot in the original post to ask
about Response.Redirect() is it the same as Server.Transfer() ? Which is the
best way?

Thanks in advance,

Richard

"bruce barker" wrote:
using location causes are parse of the page then a request for the new
page. you should use redirect instead as this is just a header.
server transfer does not cause a second request, its just a way to pass
control from one page class instance to another. its main disadvantages
are the url in the browser does not match, and a refresh causes a
postback (with waring).

forms authentication uses a cookie or munged url to pass an
authentication token. if you don't use ssl, then it can hijacked with a
sniffer. with ssl it can be hijacked if the computer has shared access.

windows authentication is more secure. every page is authenticated with
challenge/response dialog. unless the password is short, its very hard
to break. the main disadvantage is some proxies don't support it and its
more chatty.

kerberos has the advantages of windows authentication, wider support and
allows credentials forwarding.
-- bruce (sqlwork.com)
Richard wrote:
Hi,

Is there any difference in handling the site navigation by using
location.href or by using server.transfer?

window.location.href = '<%=Response.ApplyAppPathModifier("~/MyAccount.aspx")
%>';

or

Server.Transfer(Response.ApplyAppPathModifier("~/MyAccount.aspx"))

What's the difference? Is there a difference in security when using Forms
authentication or Windows Authentication is security affected by using
location.href or server.transfer?

Thanks in advance,

Richard
Jun 22 '07 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
2039
dir navigation with php ftp functions
by: ebobnar | last post by:
I'm having trouble navigating my directory structure using php's ftp functions (such as ftp_chdir and ftp_cdup.) I'm writing a program that allows a user to easily create robot.txt files and upload...
PHP
1
2140
ASP/Security/data transfer/XML doubt
by: BijuThomas | last post by:
Complicated - ASP/Security/data transfer/XML doubt In our company Head office we are hosting an intranet server in IIS (Windows 2000) , ASP and Sqlserver back end. We are maintaining our branch...
ASP / Active Server Pages
1
1935
Under High IE Security buttons don't work
by: Gary D. Rezek | last post by:
Hi All, I've got a set of asp pages used to register students into the ResNet database. Testing things out under different browser security settings I ran into a problem. The following buttons.......
ASP / Active Server Pages
2
2528
Multipage - navigation
by: Child | last post by:
I have a page which has a tabbstrip and a multipage. The tab strip works great, and navigates the multipage no problem. However, I have a situation where I would like to have a "hidden"...
ASP.NET
0
1742
Slow record navigation
by: Andy_Khosravi | last post by:
I'm having a problem trying to optimize the performance of one of my A97 databases. I have very slow record navigation after a change I made to the table structure, and I'm not sure how best to...
Microsoft Access / VBA
3
4923
how to display inline navigation next to an img using css? works in IE not mozilla
by: Jannette | last post by:
I've got this to finally work in IE (its only taken me 2 days solid), but now mozilla isn't displaying the text on the same line as the image. I'm a newby at CSS, and I've think I've worked on trying...
HTML / CSS
10
2516
Navigation
by: EA | last post by:
I am sure I must be missing something about building navigation bars with CSS. Yes it is a very clever and efficient way to format navigation structures on simple one navigation level webs, i.e....
HTML / CSS
3
2086
All Menu Navigation
by: John | last post by:
Hi there, I was reading an article (http://avenuea-razorfish.com/articles/TheAll-MenuNavigation_Turbek.pdf) on 'all-menu navigation' and I'd like to try and implement this in my site. Can...
ASP.NET
3
2045
Can anyone help me with navigation.ssi menu file
by: smokymtnman | last post by:
I have a drop down menu that has grown so long that I am afraid it will be hidden at the bottom of the page. I am using a ssi file for navigation. I was wondering if I can use the same code but...
HTML / CSS
0
7265
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7171
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7545
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
7539
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
4751
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3240
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3228
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1605
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
461
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us