
Server.Transfer Suggestions for Login

I have a Login.aspx page that takes care of all my login procedures
(validation, lockouts, password change requirements, password
retrieval, etc.). It works like a charm. However, now I'd like a "quick
login" control to appear in the banner at the top of my master page.
This control will just have a username and password textbox and login
button. I want to reuse all the same code. Plus, if the credentials
are incorrect, or additional actions are needed (e.g., a required
password change), I'd like the user to land on my normal Login page to
perform all the actions.

I don't want to have to duplicate any login code. My initial attempt
is by using Server.Transfer in the click event of the login button of
my "quick login" control. In the Page_Load (not postback) of my normal
Login page, I sniff out any username/password form fields. If they
exist, I assign them to the username and password fields of the login
page and simply call the btnLogin_Click() method. This works great. If
the login is successful, btnClick_Login() redirects the user to the
ReturnUrl querystring value (which I also pass with server.transfer).
If it's not, or additional measures are needed, the user remains on my
Login.aspx page and the code handles everything else.

However, MSDN docs say not to pass sensitive information such as CC
numbers or passwords when using Server.Transfer. My question is, why
not? How is transferring the request from one page in my app to
another any less secure than the user entering the fields and
submitting them like usual? If anything, I could encrypt the password
before the server transfer which would then be decrypted by the Login
page. But is it really necessary?

If there is a better way to accomplish what I'm trying to do, please
let me know.


Jun 27 '08 #1