All geek questions in one place

Problem with redirection in ASP.NET

I have one question about redirection in ASP.NET. I know how to redirect using the Redirect function on another ASP.NET page and read the parameters from the URL from the request, but I do not want GET, I need POST, I send identifiers to the URL, so the user does not need to see that How to redirect the POST method and read options in ASP.NET?

+3
source share
4 answers

Forwarding, by definition, is GET, you cannot redirect 301 or 302 using POST. If you are trying to prevent the user from seeing the value, you can save that value in the session and then retrieve it after the redirect. Although I already in the past tried to protect something, not allowing users to see that this is not the best approach (security through obscurity). You must take other measures to protect users from actions that they should not do, even if they know the meaning.

Even if I'm wrong, and you can redirect using POST, then the value should be part of the redirection, and therefore the user has a chance to find out about this if they use something to track HTTP traffic.

+3
source

POST . Javascript , , .

, a Server.Transfer . URL- , , , .

+3

, . : Cross-Page-Posting

+1

. , . . , , . .

On the first page, you can save your object in a session like this.

Session["yourSessionName"]=new Class1()
                               {
                                 variable1=...
                                 variable2=...
                               };

then

Response.Redirect("/yourSecoundPage.apsx");

On the second page you can check this as

    if (Session["yourSessionName"] is Class1)
    { 
         //Accept parameters 
    }
    else
         // Parameters not specified
0
source

Source: https://habr.com/ru/post/1783019/

More articles:


All Articles