POST Redirect to another Site

[Guest]

I am trying to create ASPX code which will allow me to redirect a user to
another site with POST data. I figure that the best way to do this is with
JavaScript to the client. Here's what I'm doing:

I have a JavaScript function that looks like this:

function DoPostRedir()
{
document.MainFrm.method = "POST";
document.MainFrm.action = "http://XXX.YYY.com/Help/";
document.MainFrm.submit();
}


In my ASPX CS code, I write a Hidden field to the Form.

But when I try to run this, the destination page of the POST (on a
completely different web server over which I will not have control in the
future) gives me this error:

"Validation of viewstate MAC failed. If this application is hosted by a Web
Farm or cluster, ensure that <machineKey> configuration specifies the same
validationKey and validation algorithm. AutoGenerate cannot be used in a
cluster."

I have a feeling that this has something to do with the fact that I'm
posting to a different server or something? Is it a security thing?

How do I build a nice, clean form and force it to be posted to another site
so that it really only contains the Hidden field of data that I want to pass
along?

Alex

 

[Guest]

I've done a little more experimentation and I've learned this: If I go to the
OTHER site which I am POSTing to and I set EnableViewStateMac="false", I stop
getting the error I mentioned below and everything works perfectly.

The problem is, I cannot control whet the OTHER sites I am POSTing to will
do - in fact, they may not be .NET at all.

In MY page, where I am writing the POST-Redirection JavaScript, I tried
setting EnableViewState="false", and yet when I look at the Page source, I
still have two hidden fields:

1. id="__VIEWSTATE"
2. id="__EVENTVALIDATION"

I think that these are causing the problem. How do I keep ASP.NET from
generating these?

Alex

 

[ThatsIT.net.au]

I am trying to create ASPX code which will allow me to redirect a user to
another site with POST data. I figure that the best way to do this is with
JavaScript to the client. Here's what I'm doing:

I have a JavaScript function that looks like this:

function DoPostRedir()
{
document.MainFrm.method = "POST";
document.MainFrm.action = "http://XXX.YYY.com/Help/";
document.MainFrm.submit();
}


In my ASPX CS code, I write a Hidden field to the Form.

But when I try to run this, the destination page of the POST (on a
completely different web server over which I will not have control in the
future) gives me this error:

"Validation of viewstate MAC failed. If this application is hosted by a
Web
Farm or cluster, ensure that <machineKey> configuration specifies the same
validationKey and validation algorithm. AutoGenerate cannot be used in a
cluster."

I have a feeling that this has something to do with the fact that I'm
posting to a different server or something? Is it a security thing?

seems like it

How do I build a nice, clean form and force it to be posted to another
site
so that it really only contains the Hidden field of data that I want to
pass
along?

Alex

I guess you want to use post so the data posted is not visible?

I also assume that because you say that you will not have access to the
server in the future you do have now?

why not make a page that accepts a query string but does not write to
screen, therefore it will not be visible but it can in return load data into
a session variable then redirect to another page with a POST form. the
second page can then load the form with the data from the session variable
and submit itself to the final page.

 

[Guest]

Ah, you see, the whole thing is that I need to POST to a series of Sites (not
my own). I don't know what they'll be doing. All I know is the URL of the
page to which I will POST on their site, and they know the FORM Field that
contains that data I am posting to them. That's all.

And everything is now working fine in terms of the JavaScript and all that
EXCEPT that I can'r seem to get rid of these nasty ViewState hidden fields!

 

[bruce barker]

asp.net always renders __viewstate. this is how it knows if it is a
postback. it know thats is a valid viewstate (rendered with the page and
not modified it is encrypted).

to post to a asp.net site your javascript should delete the viewstate node:

var v = document.getElementById('__VIEWSTATE');
v.parentNode.removeChild(v);

the asp.net will process the request, but IsPostback will be false, and
the data will have to be fetched from the forms collection.

-- bruce (sqlwork.com)

 

[Steven Cheng[MSFT]]

Hi Alex,

I agree with Bruce that the ViewState MAC validation is particular provided
by ASP.NET to ensure the VIewState data consistency and detect postback.
Also, you can add the script code (that will remove the hidden __ViewState
element) suggested by Bruce into your existing script. e.g.

======================
<script type="text/javascript">
function cltredirect(url)
{
document.form1.method = "POST";
document.form1.action = url;


var v = document.getElementById('__VIEWSTATE');
v.parentNode.removeChild(v);

document.form1.submit();
}

</script>
====================

this can help avoid MAC validation error if the target redirection url is
of ASP.NET page.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.