当前位置: 文江博客话题详情

ASP.Net (C#) 如何从 HTTP 页面 POST 到 HTTPS

发布于 2024-07-15 02:10:55 字数 355 浏览 3 评论 0原文

C#3.0 ASP.NET 2.0 IIS6

我有一个常规的[非https]页面。 页面上有一个标准的 ASP.Net 表单。

不过,页面上有两个功能“区域”。 登录并“获取报价”。 登录页面需要POST到HTTPS,而页面的其余部分[包括“其他区域”]表单不能是HTTPS。 在 Java [JSP] 和常规 Html 中,我们只有两种形式。 一种发布到 HTTPS,另一种则不发布。

在 ASP.Net 中处理这个问题的方法是什么[从一页]。 我知道我可以链接到 HTTPS login.aspx 页面,但企业确实希望将上下文放在一起。

有任何想法吗?

谢谢,

原文

C# 3.0
ASP.Net 2.0
IIS6

I have a regular [non-https] page. There is the standard one ASP.Net form on the page.

There are two "areas" of functionality on the page though. Login and "Get Quote". The login page needs to POST to HTTPS while the rest of the page [including the "other area"] form can't be HTTPS. In Java [JSP] and regular Html, we would just have two forms. One that posts to HTTPS and one that doesn't.

What is the way to handle this in ASP.Net [from one page]. I know that I could link to an HTTPS login.aspx page, but the business really would like the context together.

Any ideas?

Thanks,

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

柒七 2024-07-22 02:10:55

解决方案是使用asp.net 指定“跨页回发”,即使用任何按钮控件(LinkBut​​ton、Button、ImageButton 等)的PostBackUrl 属性。 此属性允许您回发到您喜欢的任何页面。 只需将您的 PostBackUrl 设置为页面的 https 版本即可(还要确保没有活动的 url 重定向会在您的页面上强制使用 http)。

// ensure we send credentials over a secure connection
if (!HttpContext.Current.Request.IsSecureConnection)
{
     string postbackUrl = HttpContext.Current.Request.Url.AbsoluteUri.Replace("http", "https");
     LinkButton_Login.PostBackUrl = postbackUrl;
}

在您的具体情况下,您应该将其中一个按钮设置为回发到 https 版本,将另一个按钮设置为 http 版本(如果您未指定 PostBackUrl,则默认情况下按原样回发到页面本身)。

The solution is to use asp.net to specify a "cross page postback", that is, you user the PostBackUrl property of any button control (LinkButton, Button, ImageButton etc.). This property allows you to post back to any page you like. Just set your PostBackUrl to the https version of your page and you're good to go (also make sure there are no url redirects active which force http on your page).

// ensure we send credentials over a secure connection
if (!HttpContext.Current.Request.IsSecureConnection)
{
     string postbackUrl = HttpContext.Current.Request.Url.AbsoluteUri.Replace("http", "https");
     LinkButton_Login.PostBackUrl = postbackUrl;
}

In your specific case you should set one of your buttons to post back to the https version, and the other to the http version (if you don't specify the PostBackUrl the default is to post back to the page itself as is).

回复 原文
め可乐爱微笑 2024-07-22 02:10:55

一个 aspx 页面上可以有两个表单。 你只是不能嵌套它们。

在我构建的页面上,我有一个可以发回该页面的表单,还有一个可以发回 Google Checkout 的表单。

如果您必须混合页面的内容,请将 https 表单放在页面底部(主表单标记之后)并用隐藏字段填充它。 当用户单击按钮时,使用 Javascript 为隐藏字段分配值,然后发布 https 表单。

You can have two forms on an aspx page. You just can't nest them.

On a page I built, I have one form that posts back to the page, and one that posts back to Google Checkout.

If you have to mix the contents of the page, put the https form at the bottom of the page (after the main form tag) and fill it with hidden fields. When the user clicks a button, use Javascript to assign values to the hidden fields and then post the https form.

回复 原文
长亭外,古道边 2024-07-22 02:10:55

您可以使用登录事件的 HttpWebRequest 对象通过代码进行手动发布,然后将返回的响应写回用户的流。

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(webRequest.URL);
request.UserAgent = UserAgent;
request.ContentType = ContentType;
request.Method = "POST";

// Write your bytes of the login section here
 Stream oStream = request.GetRequestStream();
 oStream.Write(webRequest.BytesToWrite, 0, webRequest.BytesToWrite.Length);
 oStream.Close();

 // Send the request and get a response
 HttpWebResponse resp = (HttpWebResponse)request.GetResponse();

 // Read the response
 StreamReader sr = new StreamReader(resp.GetResponseStream());

 // return the response to the screen
 string returnedValue = sr.ReadToEnd();

  sr.Close();
  resp.Close();

  Response.Write(returnedValue);

You could do a manual post through code using the HttpWebRequest object for the login event and then write the returned response back to the user's stream.

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(webRequest.URL);
request.UserAgent = UserAgent;
request.ContentType = ContentType;
request.Method = "POST";

// Write your bytes of the login section here
 Stream oStream = request.GetRequestStream();
 oStream.Write(webRequest.BytesToWrite, 0, webRequest.BytesToWrite.Length);
 oStream.Close();

 // Send the request and get a response
 HttpWebResponse resp = (HttpWebResponse)request.GetResponse();

 // Read the response
 StreamReader sr = new StreamReader(resp.GetResponseStream());

 // return the response to the screen
 string returnedValue = sr.ReadToEnd();

  sr.Close();
  resp.Close();

  Response.Write(returnedValue);
回复 原文
埖埖迣鎅 2024-07-22 02:10:55

我根据您的背景假设您正在做一件事或另一件事,而不是同时做两件事。

查看按钮对象的 PostbackURL。
登录按钮可以回发到“https://secure.login.com

另一个按钮可以回发到页面本身。

这里的问题是,您仍然会将登录字段发回到不安全的页面,这意味着它们没有加密,并且可能会被嗅探。

快速而肮脏的解决方法是,如果按下“获取报价”按钮,则在发布之前让 JavaScript 清除登录字段。

I'm assuming from your context, that you are doing one thing or the other, not both at the same time.

Look at the PostbackURL of the button objects.
the login button can postback to "https://secure.login.com"

The other button can just postback to the page itself.

The problem here is that you'll still be posting back the login fields to the insecure page, which means they're not encrypted, and could be sniffed.

The quick and dirty workaround would be to have javascript clear the login fields before posting if the "Get Quote" button is pressed.

回复 原文
趴在窗边数星星i 2024-07-22 02:10:55

HTTP 和 HTTPS 页面是否位于同一服务器/同一应用程序的一部分?

如果是这样,您也许可以使用 Server.Transfer() 方法来保持表单完整,但也可以使用 HTTPS。

Are the HTTP and HTTPS pages on the same server / part of the same application?

If so you maybe able to use the Server.Transfer() method to keep the form intact but also have the HTTPS.

回复 原文
半寸时光 2024-07-22 02:10:55

在 ASP.Net 3.5(可能是 SP1——忘记它是在基础库还是 SP 中)中,您现在可以设置“action”属性。 但这会使其两种“表单”都发布到 HTTPS。

如果您希望将两个表单放在同一页面上,并确定在“运行时”发布到哪个表单,则必须使用客户端代码来完成此操作。 在所有触发回发的对象上设置客户端处理程序或挂接到 _dopostback(或任何它的名称——懒得查找)函数,并让它检查按下了哪个按钮。 如果是非安全页面,则首先清除登录字段中的所有数据。 然后自己手动触发回发到正确的页面。

In ASP.Net 3.5 (maybe SP1--forget if it was in the base library or the SP) you can now set the "action" attribute. But that would make it post to HTTPS for both 'forms'.

If you want to have both forms on the same page, and determine which to post to at 'runtime', you'll have to do it with client-side code. Have client handlers on all objects that trigger post backs or hook into the _dopostback (or whatever it's called--to lazy to look it up) function, and have it check which button was pressed. If the non-secure page, then clear out any data in the login fields first. Then manually trigger the postback yourself to the correct page.

回复 原文
殊姿 2024-07-22 02:10:55

你不能做一个 Response.Redirect("https://.../Login.aspx”); 在登录按钮单击事件中。

Couldn't you just do a Response.Redirect("https://.../Login.aspx"); in the Login button click event.

回复 原文
~没有更多了~

关于作者

幸福还没到

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

qq_E2Iff7

文章 0 评论 0

Archangel

文章 0 评论 0

freedog

文章 0 评论 0

Hunk

文章 0 评论 0

18819270189

文章 0 评论 0

wenkai

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文