Response.Redirect with POST instead of Get?

by

Doing this requires understanding how HTTP redirects work. When you use Response.Redirect(), you send a response (to the browser that made the request) with HTTP Status Code 302, which tells the browser where to go next. By definition, the browser will make that via a GET request, even if the original request was a POST.

Another option is to use HTTP Status Code 307, which specifies that the browser should make the redirect request in the same way as the original request, but to prompt the user with a security warning. To do that, you would write something like this:

public void PageLoad(object sender, EventArgs e)
{
    // Process the post on your side   

    Response.Status = "307 Temporary Redirect";
    Response.AddHeader("Location", "http://example.com/page/to/post.to");
}

Unfortunately, this won’t always work. Different browsers implement this differently, since it is not a common status code.

Alas, unlike the Opera and FireFox developers, the IE developers have never read the spec, and even the latest, most secure IE7 will redirect the POST request from domain A to domain B without any warnings or confirmation dialogs! Safari also acts in an interesting manner, while it does not raise a confirmation dialog and performs the redirect, it throws away the POST data, effectively changing 307 redirect into the more common 302.

So, as far as I know, the only way to implement something like this would be to use Javascript. There are two options I can think of off the top of my head:

  1. Create the form and have its action attribute point to the third-party server. Then, add a click event to the submit button that first executes an AJAX request to your server with the data, and then allows the form to be submitted to the third-party server.
  2. Create the form to post to your server. When the form is submitted, show the user a page that has a form in it with all of the data you want to pass on, all in hidden inputs. Just show a message like “Redirecting…”. Then, add a javascript event to the page that submits the form to the third-party server.

Of the two, I would choose the second, for two reasons. First, it is more reliable than the first because Javascript is not required for it to work; for those who don’t have it enabled, you can always make the submit button for the hidden form visible, and instruct them to press it if it takes more than 5 seconds. Second, you can decide what data gets transmitted to the third-party server; if you use just process the form as it goes by, you will be passing along all of the post data, which is not always what you want. Same for the 307 solution, assuming it worked for all of your users.

Hope this helps!

More Related Contents:

  1. Why do I get “Cannot redirect after HTTP headers have been sent” when I call Response.Redirect()?
  2. Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack
  3. SSL pages under ASP.NET MVC
  4. How to run ‘dotnet dev-certs https –trust’?
  5. how can I share an asp.net session between http and https
  6. asp.net c# redirecting from http to https
  7. How to use HTTPS in an ASP.Net Application
  8. Response.Redirect which POSTs data to another URL in ASP.NET
  9. Redirect URL (ASP.NET)
  10. Get full path of a file with FileUpload Control
  11. CustomErrors mode=”Off”
  12. ASP.NET Identity with EF Database First MVC5
  13. Which gets priority, maxRequestLength or maxAllowedContentLength?
  14. Why does ASP.NET webforms need the Runat=”Server” attribute?
  15. Is it possible to use Razor View Engine outside asp.net
  16. How to launch an EXE from Web page (asp.net)
  17. BackgroundWorker thread in ASP.NET
  18. Url.Action parameters?
  19. Change Text Box Color using Required Field Validator. No Extender Controls Please
  20. What is the claims in ASP .NET Identity
  21. RegisterStartupScript doesn’t work with ScriptManager,Updatepanel. Why is that?
  22. ASP.Net UserName to Email
  23. How can I check for IsPostBack in JavaScript? [duplicate]
  24. Accessing parent data in nested repeater, in the HeaderTemplate
  25. How to login and then download a file from aspx web pages with R
  26. “This operation requires IIS integrated pipeline mode.”
  27. “Exception has been thrown by the target of an invocation” error (mscorlib)
  28. How to forcefully set IE’s Compatibility Mode off from the server-side?
  29. What is a Generic Handler in asp.net and its use?
  30. How does Html.Raw MVC helper work?

Leave a Comment