Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / June 2007

Tip: Looking for answers? Try searching our database.

Navigation and security location.href and server.transfer

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Richard - 22 Jun 2007 15:43 GMT
Hi,

Is there any difference in handling the site navigation by using
location.href or by using server.transfer?

window.location.href = '<%=Response.ApplyAppPathModifier("~/MyAccount.aspx")
%>';

or

Server.Transfer(Response.ApplyAppPathModifier("~/MyAccount.aspx"))

What's the difference? Is there a difference in security when using Forms
authentication or Windows Authentication is security affected by using
location.href or server.transfer?

Thanks in advance,

Richard
Reply to this Message
bruce barker - 22 Jun 2007 16:02 GMT
using location causes are parse of the page then a request for the new
page. you should use redirect instead as this is just a header.

server transfer does not cause a second request, its just a way to pass
control from one page class instance to another. its main disadvantages
are the url in the browser does not match, and a refresh causes a
postback (with waring).

forms authentication uses a cookie or munged url to pass an
authentication token. if you don't use ssl, then it can hijacked with a
sniffer. with ssl it can be hijacked if the computer has shared access.

windows authentication is more secure. every page is authenticated with
 challenge/response dialog. unless the password is short, its very hard
to break. the main disadvantage is some proxies don't support it and its
more chatty.

kerberos has the advantages of windows authentication, wider support and
allows credentials forwarding.

-- bruce (sqlwork.com)

> Hi,
>
[quoted text clipped - 15 lines]
>
> Richard
Reply to this Message
Richard - 22 Jun 2007 20:44 GMT
Thanks, great explanation by Bruce. I forgot in the original post to ask
about Response.Redirect() is it the same as Server.Transfer() ? Which is the
best way?

Thanks in advance,

Richard

> using location causes are parse of the page then a request for the new
> page. you should use redirect instead as this is just a header.
[quoted text clipped - 37 lines]
> >
> > Richard
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.