CODEWITHSUNDEEP
c#asp.netforms-authenticationibm-datapower
StingyJack
StingyJack

Reputation: 19479

Is there a built in way to have ASP.NET accept posted data with GET instead of POST?

We have a straight forward ASP.NET web application with a login page. After the user enters credentials and submits the form, the server processes the details and if successful, Response.Redirect()'s the user to the Main Menu page. (We also have a navigation bar where the user can navigate to other pages via similar response.redirects)

One of our customers is setting up an IBM Data Power Web Application Firewall, and has told us this Redirect after a POST is an RFC violation and consequently the application does not work.

There are a few questions here that are related to Get/Post/Redirect, and they indicate that its up to the discretion of the browser to use the 302 response as a get or a post. I have also found other links on the public internet that lead me to believe this something the IBM device could be configured to handle.

Before I suggest changing the IBM device configuration, are there any configuration based (or simple code) ways to make a trivial login page (not using the asp.net login control) work where a GET request can send the login credentials, or make all postbacks in the site use a GET instead of POST?

Also, if anyone has tips for working with this IBM device, they would be appreciated.

An example of the code...

var userName = txtUserName.Text.Trim();
var password = txtPassword.Text.Trim();
var authResult = GetAuthService().AuthenticateUser(userName, password);
if (authResult == true)
{
 //set forms auth cookie
 Response.Redirect("Menu.aspx", false);
}
else
{
 lblError.Text = "Unable to login";
}

Upvotes: 1

Views: 94

Answers (1)

Ajitabh Sharma
Ajitabh Sharma

Reputation: 101

A POST followed by a redirect is a usual mechanism found in many implementation. For example, consider using JAAS authentication. You present a form to a user and it is posted on '*/j_security_check' URL. Once authenticated you are redirected to a resource page, else you are re-directed to an error page.

I am not sure what is configured on datapower, but if your developer is using MPGW construct for this, then he can try playing around with two properties found in 'Advanced' tab of it. One is 'follow redirects' and another one is allow 'empty request'.

May be this helps you.

Upvotes: 1

Related Questions