Passing user from unsecure to secure domain in asp.net

  • Thread starter Stephen Bartholomew
  • Start date
S

Stephen Bartholomew

Hi All,

Firstly, apologies to anyone that notices the cross-post: i also
posted this in microsoft.public.dotnet.general earlier this week.

I have an ecommerce site that resides mainly on an unsecure server for
browsing the catalogue and only passes the user to a secure area when
its time checkout. The secure domain however is not located on the
same URL as the unsecure site - it is hosted on a virtual directory of
the ISP's secure domain.

The way i would have traditionally passed the user across to the
secure domain is by providing a POST form containing the users id as
well as a db stored, transfer string for security. The secure domain
application would then pick up the form values, verify the transfer
string and set up a new session on the secure domain.

However you cannot post away from a webform, as is the asp.net way.

Most of the advice when it comes to posting away from a web form is
that you shouldn't have to post away from a form, but i dont see
anyway around this.

I'm sure that i'm just not thinking about this in the right way and
there
is probably a simple answer - asp.net hasn't let me down yet!

I'd really appreciate any advice on this subject,

Thanks in advance,

Steve
 
M

Marina

Generally, most of the time you don't need to post anyplace else, each page
can handle its own data. However, this isn't a law.

In your situation it seems reasonable that you would want to post your data
to the secure site.
 
S

Stephen Bartholomew

Thanks for your responses.

Joe: I see what you're saying about multiple forms and the way you
mention is the technique i have used before. However as with most
things there are always multiple ways of doing things and i thought
that passing hidden data across servers/domains would have been
considered when developing asp.net.

I have, in the past, applied old techniques from my php days when
developing an application in asp.net, only to find out that there was
a much neater way of doing it.

I know it makes sense to just have client side forms outside of the
server-side form but you get into problems when:
o You have a form that, for display purposes, will fall inside the
server-side form
o You have a form that also contains a server side event controller

I'm sure there is a hack for getting around this; i found that
sticking a blank form (<form></form>) before the actual form will
enable following forms to post away from the page even if they are
inside the server-side form - that is of course just a tacky
work-around, not a solution.

Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to retrive payment result value after secure paytabs payment done in PayTabs payment gateway in asp.net 0
Want to host websites that I will probably be the only user from home. Sacrilege, I know, but it has always been a dream of mine. Where do I start? 2
Passing flask textbox value to an infinite while loop 0
How to push data from one HTML page to another 4
PDF secure/unsecure 2
Secure Folders 2
Redirect from secure server to unsecure server after login. 1
Secure an ASPX page 4

Members online

No members online now.
Total: 79 (members: 0, guests: 79)
Robots: 463

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top