Tutorial :ASP.NET Membership Force HTTPS on PostBack



Question:

I have a login form on the home page of an ASP.NET 3.5 website which for performance reasons needs to be accessed with a standard HTTP connection. Since the normal postback for an ASP.NET page is relative call for the post, it would mean that when the browser posts the values are sent unprotected.

I would like to do one of two things to make this secure:

  1. Force the Postback to be secure to the same page
  2. Send the post to a different page using an HTTPS connection

Is there a way to implement option one?

I'm also looking at the Authentication Service, but looking at the URL reference it is using a relative path:

Sys.Services._AuthenticationService.DefaultWebServicePath = '../Authentication_JSON_AppService.axd';  

I don't see a way to override this to put in an HTTP path.


Solution:1

You can change the form's action property with javascript to tell it to submit to a different page with https. I have done this and it works nicely.

You could also change it to submit to the same page with https, but I think asp.net would complain about that (not sure - never tried it).

sample script:

document.forms[0].action = "https://www.whatever.com/submit_page.aspx";  


Solution:2

You could use Cross-Page posting:

http://msdn.microsoft.com/en-us/library/ms178139.aspx


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »