I have a single sign-on solution, meaning that the user will login to one site and be redirected to another. When I redirect the user I want to pass along a key that can be used to verify the user’s authentication status.
Most of the examples of single sign-on I read show the login site passing the encrypted key has a query string value. I don’t think this is a very good solution because it’s not very REST-ful or whatever you want to call it. Instead I’d like to pass the encrypted key in the POST data. So when the user logins in, they are POSTing to another url.
Unfortunately I don’t know (yet) how to do this with the Response.Redirect or Server.Transfer. I think Response.Redirect passes the same POST data along when it redirects.
Does someone know how to redirect a website user in asp.net, changing the POST data while redirecting?
(bonus question: can you change a GET to a POST while redirecting?)
Server.Transferhas the ability to maintain form data (POST values) in transition, because it is essentially transferring the same request sent by the user to a new endpoint.Request.Redirectcannot persist POST data because a redirect is essentially sending a response back to the end-user which says “go here instead”. The client then initiates a new request to that new endpoint. The client does not re-submit the POST data on the second, separate request.However, neither POST nor GET alone are more or less RESTful – both are strings of data, just in slightly different parts of the request. Having clean, querystring-less URLs might “look REST-y”, but it is cosmetic.
Here’s a diagram of how the two different approaches work. As you can see, in the Redirect case, changing the POST data simply isn’t possible because it’s in the client’s hands to form the new request to the target URL; and in the Transfer case, it makes no sense to (even if it was technically possible) because if you do need to pass additional data to the new handler, you can do so yourself:
alt text http://rexmorgan.net/rr_vs_st.jpg