0

I have an ASPX page which gets the visitors domain username on load. I need to then automatically transfer the visitor to another page (CSHTML) and pass their username as well.

I found a way using the ASP code below to transfer the user and the variable to the other CSHTML page. This is probably not the best way but its all I could think of (just started with ASP)

My question is, is it possible to do the same thing where the ASPX will automatically redirect to another page and pass the variable but not in the URL? I don't want to pass the username in the URL because that parameter can later be changed by anyone.

So my requirements are (1) Automatically go from the ASPX page to CSHTML page on load without having the user click on anything and (2) Pass a variable to the CSHTML page but not in the URL

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Environment" %>
<%@ Import Namespace="System.Security" %>
<%@ Import Namespace="System.Security.Principal.WindowsIdentity" %>


<script runat="server" language="VB">

'On page load
Sub Page_Load()
Response.Write("<HTML>")
Response.Write("<HEAD>")
Response.Write(String.Format("<meta http-equiv=""refresh"" content=""0; url=http://iisserver/cshtmlpages/target_page.cshtml?authuser="))
Response.Write(Context.User.Identity.Name)
Response.Write(String.Format(""" />"))
Response.Write("</HEAD>")
Response.Write("</HTML>")
End Sub
</Script>
JetRocket11
  • 302
  • 4
  • 17
  • Why are you mixing Webforms and MVC? Both frameworks have everything you need to do what it sounds like you want. – Erik Philips Jun 13 '14 at 00:07
  • To expand on Erik's comment - same application (even if `cshtml` is not "MVC" - e.g. WebPages)? – EdSF Jun 13 '14 at 00:36
  • Can't get Windows Authentication to work on any site with Webmatrix. After disabling anonymous authentication and enabling Windows Authentication none of the pages load. Instead of loading they all redirect to a non existent login. Nobody can provide the fix and after hours of searching I found similar issues where people are saying that it's an issue with Webmatrix. Removing the Webmatrix data and webdata dll files from bin folder allows all pages load but while aspx sites may work our cshtml pages rely on those Webmatrix files. – JetRocket11 Jun 13 '14 at 00:39
  • See if this post helps you with [Windows Auth config in `WebPages`](http://mikepope.com/blog/DisplayBlog.aspx?permalink=2298). At the end of the day it is still ASP.Net... – EdSF Jun 13 '14 at 00:49
  • Thanks I saw that page but Windows Authentication still doesn't work with cshtml and aspx which are on the same site as long as the Webmatrix dlls are there. Once removed then aspx pages work fine, same iis authentication settings – JetRocket11 Jun 13 '14 at 00:59

3 Answers3

0

It's much simpler than that to send someone to another page. Use Response.Redirect.

<script runat="server" language="VB">
'On page load
Sub Page_Load()
Response.Redirect("mypage.html")
End Sub
</Script>

I'm not sure how you expect to pass a variable without putting it in the URL? You'll need to update your question saying how you want to do it, such as Session or Cookie. But really, putting it in the Query String (URL) would be simplest.

mason
  • 31,774
  • 10
  • 77
  • 121
  • How would I do this using a session? – JetRocket11 Jun 13 '14 at 01:15
  • Before performing the redirect, do something like `Session("MyKey") = "MyValue"`. But instead of MyKey, give the data an appropriate name. And instead of MyValue, you'd give the value of whatever you want to pass to the other page. – mason Jun 13 '14 at 02:46
0

If you want to pass a value from one app/page to another, it will have to be done either through the request string, in a cookie, or in a session. You don't have to pass the data itself, instead you could pass a token of some sort.

A primitive example of that would be to generate a guid and store that in a table along with the username or other claims and pass that in the request url, and the other side could retrieve that data from the database and expire the token.

Sessions

Storing Session variables in ASP.NET MVC . This will only work if both pages are on the same server, and the pages might have to be part of the same application. But it's relativily safe, and can't be touched by the user.

Coookies

Using cookie in asp.net mvc c#.

Community
  • 1
  • 1
BrandorK
  • 191
  • 1
  • 4
0

You could POST the data from the client back to the cshtml page. This would keep the authuser value out of the url querystring. 

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Environment" %>
<%@ Import Namespace="System.Security" %>
<%@ Import Namespace="System.Security.Principal.WindowsIdentity" %>

<script runat="server" language="VB">

'On page load
Sub Page_Load()
   Response.Write("<HTML>")
   Response.Write("<HEAD>")
   Response.Write("</HEAD>")
   Response.Write("<body onload='document.forms[""form""].submit()'>")
   Response.Write("<form name='form' action='http://iisserver/cshtmlpages/target_page.cshtml' method='post'>")
   Response.Write("<input type='hidden' name='authuser' value='{0}'>", Context.User.Identity.Name)
   Response.Write("</form>");
   Response.Write("</body>")
   Response.Write("</HTML>")
   Response.End()
End Sub
</Script>
Paul Kearney - pk
  • 5,435
  • 26
  • 28