How to: Cross-Site posting and redirection in ASP.NET webforms

Question

Scenario:

The task I have at hand is to enable a single-signon solution between different organizations/websites. I start as an authenticated user on one organization's website, convert specific information into an Xml document, encrypt the document with triple des, and send that over as a post variable to the second organizations login page.

Question:

Once I have my xml data packaged, how do I programmatically perform a post to the second website and have the user's browser redirected to the second website as well.

This should behave just like having a form like:

action="http://www.www.com/posthere" method="post"

... and having a hidden text field like:

input type="hidden" value="my encrypted xml"

This is being written in asp.net 2.0 webforms.

--

Edit: Nic asks why the html form I describe above will not work. Answer: I have no control over either site; I am building the "middle man" that makes all of this happen. Site 1 is forwarding a user to the page that I am making, I have to build the XML, and then forward it to site 2. Site 1 does not want the user to know about my site, the redirect should be transparent.

The process I have described above is what both parties (site A and site B) mandate.

Answer 1

You are thinking about this too process oriented, it would take you a month of sundays to try and work out all the bugs and moving parts with what you suggest.

You are already doing a post to another server so you really don't need to do anything. The form you have is already perfect, and when the other server intercepts the request that is when it makes the decision to either allow to user in and continue in through the site, or redirect them back to their Referer (sic) in the header. When redirecting back to the Referer they may want to tack on a message that says what was wrong, such as ?error=no_auth

Answer 2

Send back a document that contains the from with hidden input and include an onload handler that posts the form immediately to the other site. Using jquery's document.ready() solves the issue of whether the DOM is loaded before the post occurs, though there are other ways to do this without jquery. You might want to include some small message on the screen to the effect that the user will be redirected shortly and provide a link which also does the post

...headers left out...

<script type='text/javascript'>

$(document).ready( function() {
   $('form:first').submit();
 });
</script>

<body>
   <form action='othersiteurl' method='POST'>
       <input type='hidden' value='your-encrypted-xml" />
   </form>
</body>

Answer 3

Is there a way to do this completely in the Code behind ?

Answer 4

I wrote on this for another question a while back. Hope this helps:

How do you pass an authenticaticated session between app domains