We use standard asp.net forms authentication. Some pages require the user to log in; and at least some of these pages are provided by https. At the top of each page is a search control. When this is used, we don’t care if the user’s session has ended, even if the current page requires a login.
However, at present, when performing a search, the built-in forms authentication verifies that the page being posted to requires authentication and redirects the user to the login page from the previous page, and not to the search results page as a referrer.
What is the best way to bypass security here? I considered publishing on another page using the PostBackUrl property, but if it is not https, you get a message "you are sending data to an insecure connection" that users don’t like.
Thanks for any help.
Edit: Thanks to Nick for your suggestion to use GET on the search page. We do this already, but the query string is built using the input control, and then redirected. How can we create a query string without using postback? (Obviously javascript is an option, but I was hoping to find an alternative mechanism.)
source
share