server.transfer and forms authentication

G

Guest

hi there,

my app needs to retrieve a value from a previously viewed page. The user
moves between pages on the site with the server.transfer method doing the
legwork. This works fine.

The problem comes from getting values from a particular page; which does not
use the server.transfer command. This page is for logging in, and is the page
a user is redirected to when accessing the site. They are redirected there by
the web.config file which uses forms authentication. As the logon page uses
the line

FormsAuthentication.RedirectFromLoginPage(string userName, bool
createPersistentCookie);

to redirect the user; the parameters of the logon screen are not saved from
the class meaning i cant access them. What would be a sensible way to get
round this ? I need it passed securely as i want the password; so posting it
in the url is out.

I thought to authenticate the user then direct them to a specific welcome
page. How/Can this be done whilst satisfying the web.config file for
authenticating a user.

Any help greatly appreciated,

H
 
G

Grant Merwitz

Instead of using:
FormsAuthentication.RedirectFromLoginPage
(which i believe is a Response.Redirect)

Rather use
FormsAuthentication.SetAuthCookie

you can then call Server.Transfer yourself

HTH
 
J

Joey

You can stick whatever you want in the Session state and then retrieve
it later from any page in your app...

To store:

this.Session["MyStoredValue"] = "Hello World!";

To retrieve:

string HelloWorld = this.Session["MyStoredValue"].ToString();
 
G

Guest

This method is definately the easiest. But is the method secure ? are the
values hidden ? if not can i encrypt them ?
 
G

Grant Merwitz

You can most definately encrypt them, and if they are a security risk you
should!

You can also store values you want into a FormAuthenticationTicket, which
you can use the FormsAuthentication encryption to encrypt
(that is if you choose not to use sessions)


java.equals(cool) said:
This method is definately the easiest. But is the method secure ? are the
values hidden ? if not can i encrypt them ?



Joey said:
You can stick whatever you want in the Session state and then retrieve
it later from any page in your app...

To store:

this.Session["MyStoredValue"] = "Hello World!";

To retrieve:

string HelloWorld = this.Session["MyStoredValue"].ToString();
Click to expand...
Click to expand...
 
G

Guest

great. thanks very much guys

Grant Merwitz said:
You can most definately encrypt them, and if they are a security risk you
should!

You can also store values you want into a FormAuthenticationTicket, which
you can use the FormsAuthentication encryption to encrypt
(that is if you choose not to use sessions)


java.equals(cool) said:
This method is definately the easiest. But is the method secure ? are the
values hidden ? if not can i encrypt them ?



Joey said:
You can stick whatever you want in the Session state and then retrieve
it later from any page in your app...

To store:

this.Session["MyStoredValue"] = "Hello World!";

To retrieve:

string HelloWorld = this.Session["MyStoredValue"].ToString();
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms Authentication 4
How to bypass forms-based authentication 0
Forms Authentication Redirecting to Login 1
Forms Authentication not Redirecting 1
Problem with my forms authentication 1
Forms authentication and membership 0
Forms Authentication vs MembershipProvider 5
Conditional forms authentication 1

Members online

Total: 96 (members: 2, guests: 94)
Robots: 309

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,817
Latest member
DicWeils

Latest Threads

Top