I need to pass some secure information (using ssl) to another website
(different domain) and at same time redirect user to that site. What is the
best way to do it? Thanks.
DTAs far as I know, you can't send anything from one domain to another using SSL.
I suggest that you use some of the encryption engines in the
System.Security.Cryptography to encrypt the data, and then send it openly.
Hi Dave,
As Guffa has mentioned, SSL/https is not quite suitable for pass info
between two server, generally , it is used for securing communication
between client (browser) and server. Is the other server your application
will communicate with also controlled by yourself? If possible, you can
consider setup another webservcie on the target web sever to let your
application communicate with, and they can use HTTPS/ssl channel for the
webservice communication.
Regards,
Steven Cheng
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Thank you for the reply.
One of my thought was:
1. use HttpWebRequest to POST the information to the other webdomain through
https.
2. then use Response.Redirect("https://...") to redirect to the other domain
site.
The information we posted in the 1st step is session sensitive information
though.
Do you see any problem here?
--
Thanks,
Dav
"Steven Cheng[MSFT]" wrote:
> Hi Dave,
> As Guffa has mentioned, SSL/https is not quite suitable for pass info
> between two server, generally , it is used for securing communication
> between client (browser) and server. Is the other server your application
> will communicate with also controlled by yourself? If possible, you can
> consider setup another webservcie on the target web sever to let your
> application communicate with, and they can use HTTPS/ssl channel for the
> webservice communication.
> Regards,
> Steven Cheng
> Microsoft Online Community Support
>
> ==================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ==================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
Thanks for your response Dav,
Answer and suggestion for your further items:
1. use HttpWebRequest to POST the information to the other webdomain
through
https.
================================
This is a reasonable approach. And for using httpwebrequest to access
remote resource over https/ssl, you may take care of something on handling
those events on certificate validation, here is a former thread discussing
on the related issue, you can have a look for reference:
http://groups.google.com/group/micr...ork.aspnet/brow
se_thread/thread/141e63140ff8518f/3f0a51221c9c069a?lnk=st&q=httpwebrequest++
ICertificatePolicy+Steven+Cheng&rnum=1&hl=en#3f0a51221c9c069a
2. then use Response.Redirect("https://...") to redirect to the other
domain
site.
=====================================
This should be ok since it's a client-side redirection which doesn't
concern much about our server-side code..
Hope this helps.
Regards,
Steven Cheng
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
0 comments:
Post a Comment