Posting to another page question

[Ivan Demkovitch]

Hi!

I have Portal application which is on http. However I like to do user
authentification using SSL

I like approach most sites use:

They have

<form name="loginForm" action="https://sss" method="post">
...

I wonder how can I do "action" parameter dinamic from my ASP.NET ?

Next question is how to actually read values when it get's posted to
"https://sss"

Another question is
If I authentificated user and want to go to exactly same place user came
from (original [url]http://aaa[/url]) How do I get this address ?

Also, I want to maintain same Session. All user credentials will be stored
there.

Is it correct approach to securing user login/password ?

[Chris Jackson]

> I like approach most sites use:

> They have
> <form name="loginForm" action="https://sss" method="post">
> I wonder how can I do "action" parameter dinamic from my ASP.NET ?

You just need to remove the runat=server attribute from the form tag and you
can do this. ASP.NET wraps an object oriented framework around these pages -
so you define the variables and then use the same variables to access the
data you collect in the postback. If you post to another page, you don't get
to do this - you just iterate through the collections that are passed the
same way you did 5 years ago. You can keep on doing it the old way (in which
case you can no longer use web controls) but you may want to consider
re-thinking the way you do things using this new paradigm. You might find
that you like it better - I know that I certainly did, once I got used to
it.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--

[Ivan Demkovitch]

"Chris Jackson" <chrisj@mvps.org> wrote in message
news:egcrz1ycDHA.1880@TK2MSFTNGP10.phx.gbl...

> > I like approach most sites use:
> > They have
> > <form name="loginForm" action="https://sss" method="post">
> > I wonder how can I do "action" parameter dinamic from my ASP.NET ?

>
> You just need to remove the runat=server attribute from the form tag and

you

> can do this.

I don't have any

>ASP.NET wraps an object oriented framework around these pages -
> so you define the variables and then use the same variables to access the
> data you collect in the postback. If you post to another page, you don't

get

> to do this - you just iterate through the collections that are passed the
> same way you did 5 years ago.

What collection? I wasn't in web dev 5 years ago...

> want to consider
> re-thinking the way you do things using this new paradigm. You might find
> that you like it better - I know that I certainly did, once I got used to
> it.

I certanly want to do it right way.

Here is my scenario:

I have portal which does not have secure data right now. However, it allow
user to setup preferences.
Soon, I will be adding online store and want same users to be able use it. I
need "Login" block on main page (which is not secure)
From what I understand there is no build-in way for providing SSL for users
other then redirecting post to different page (from secured place).

In .NET I would have to create separate Login only page for this...

Any other ideas on how this could be done?

[Chris Jackson]

This isn't a problem that is unique to .NET - it's the same for any web site
you develop. .NET is only the environment you use to program the server - it
has no effect on what the client sees, which is still just plain old DHTML.

If you want to have just the login page encrypted, you can post to an SSL
page and make that happen. Alternately, if you want to simply have it post
back to itself, you need to have that page itself using SSL. SSL is not
something you provide - you simply need to have an https page on a certified
server. There is no configuration of the page, per se, but simply a
configuration of your server and where you place your files. Nothing is
unique to .NET here - this is simply a function of how the technology works.

Intro to SSL here:

[url]http://developer.netscape.com/docs/manuals/security/sslin/contents.htm[/url]


--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
"Ivan Demkovitch" <i@d> wrote in message
news:O5e1p7ycDHA.1728@TK2MSFTNGP09.phx.gbl...

>
> "Chris Jackson" <chrisj@mvps.org> wrote in message
> news:egcrz1ycDHA.1880@TK2MSFTNGP10.phx.gbl...

> > > I like approach most sites use:
> > > They have
> > > <form name="loginForm" action="https://sss" method="post">
> > > I wonder how can I do "action" parameter dinamic from my ASP.NET ?

> >
> > You just need to remove the runat=server attribute from the form tag and

> you

> > can do this.

>
> I don't have any
>

> >ASP.NET wraps an object oriented framework around these pages -
> > so you define the variables and then use the same variables to access

the

> > data you collect in the postback. If you post to another page, you don't

> get

> > to do this - you just iterate through the collections that are passed

the

> > same way you did 5 years ago.

>
> What collection? I wasn't in web dev 5 years ago...
>

> > want to consider
> > re-thinking the way you do things using this new paradigm. You might

find

> > that you like it better - I know that I certainly did, once I got used

to

> > it.

>
> I certanly want to do it right way.
>
> Here is my scenario:
>
> I have portal which does not have secure data right now. However, it allow
> user to setup preferences.
> Soon, I will be adding online store and want same users to be able use it.

I

> need "Login" block on main page (which is not secure)
> From what I understand there is no build-in way for providing SSL for

users

> other then redirecting post to different page (from secured place).
>
> In .NET I would have to create separate Login only page for this...
>
> Any other ideas on how this could be done?
>
>
>
>
>
>
>
>
>
>

[Ivan Demkovitch]

Chris,

Thank you for response.

I managed to make it work. However I have following problem:

1. Page posts to secured page fine (I assume user info is securely
transmitted and I don't miss anything here)
2. I have following code(in secured page):
Response.Redirect ("http://ivand/ASPNET/Default.aspx");

This suppose to redirect me back to main page (Main page load's depending on
security already saved in session)

But I get warning: "You are about to be redirected to a connection that is
not secure ...."

I understand why, but is there is any way to accomplish this without this
messages ??




"Chris Jackson" <chrisj@mvps.org> wrote in message
news:e3MlU17cDHA.2960@tk2msftngp13.phx.gbl...

> This isn't a problem that is unique to .NET - it's the same for any web

site

> you develop. .NET is only the environment you use to program the server -

it

> has no effect on what the client sees, which is still just plain old

DHTML.

>
> If you want to have just the login page encrypted, you can post to an SSL
> page and make that happen. Alternately, if you want to simply have it post
> back to itself, you need to have that page itself using SSL. SSL is not
> something you provide - you simply need to have an https page on a

certified

> server. There is no configuration of the page, per se, but simply a
> configuration of your server and where you place your files. Nothing is
> unique to .NET here - this is simply a function of how the technology

works.

>
> Intro to SSL here:
>
> [url]http://developer.netscape.com/docs/manuals/security/sslin/contents.htm[/url]
>
>
> --
> Chris Jackson
> Software Engineer
> Microsoft MVP - Windows XP
> Windows XP Associate Expert
> --
> "Ivan Demkovitch" <i@d> wrote in message
> news:O5e1p7ycDHA.1728@TK2MSFTNGP09.phx.gbl...

> >
> > "Chris Jackson" <chrisj@mvps.org> wrote in message
> > news:egcrz1ycDHA.1880@TK2MSFTNGP10.phx.gbl...

> > > > I like approach most sites use:
> > > > They have
> > > > <form name="loginForm" action="https://sss" method="post">
> > > > I wonder how can I do "action" parameter dinamic from my ASP.NET ?
> > >
> > > You just need to remove the runat=server attribute from the form tag

and

> > you

> > > can do this.

> >
> > I don't have any
> >

> > >ASP.NET wraps an object oriented framework around these pages -
> > > so you define the variables and then use the same variables to access

> the

> > > data you collect in the postback. If you post to another page, you

don't

> > get

> > > to do this - you just iterate through the collections that are passed

> the

> > > same way you did 5 years ago.

> >
> > What collection? I wasn't in web dev 5 years ago...
> >

> > > want to consider
> > > re-thinking the way you do things using this new paradigm. You might

> find

> > > that you like it better - I know that I certainly did, once I got used

> to

> > > it.

> >
> > I certanly want to do it right way.
> >
> > Here is my scenario:
> >
> > I have portal which does not have secure data right now. However, it

allow

> > user to setup preferences.
> > Soon, I will be adding online store and want same users to be able use

it.

> I

> > need "Login" block on main page (which is not secure)
> > From what I understand there is no build-in way for providing SSL for

> users

> > other then redirecting post to different page (from secured place).
> >
> > In .NET I would have to create separate Login only page for this...
> >
> > Any other ideas on how this could be done?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >

>
>