Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 4 > ASP.NET 4 General Discussion
|
ASP.NET 4 General Discussion For ASP.NET 4 discussions not relating to a specific Wrox book
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 4 General Discussion section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 30th, 2010, 10:42 AM
Friend of Wrox
 
Join Date: Feb 2009
Posts: 194
Thanks: 5
Thanked 3 Times in 3 Posts
Default Displaying a page after collecting details

Currently I am working on a website which will contain links to several resources. The client doesn't want them to be able to access the resources without first collecting their email address.

However once they have entered their details ideally I don't want them to fill out the form again to access the resources.

I haven't looked into the specifics of this but I imagine I could perhaps create a cookie and check for that if they have it they can omit the filling out of the form?

I haven't worked with cookies before but I am confident something like this would be possible.

Can anyone spot any drawbacks using an approach such as this?
__________________
Follow me on twitter.

Where I work.

Connect with me on LinkedIn

Blog
 
Old July 1st, 2010, 04:39 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hi Will,

It all depends on what you want to protect and how secure it needs to be. Cookies can be read and set in the browser as well, making this a not so secure solution. Alternatives:

1. Store the address in the session. This is more secure but requires the user to enter the e-mail address at every visit to the site.

2. Use ASP.NET membership. This requires the user to register and login but is a lot more secure.

Also, you need to consider the way you protect access to the files. For example, if the file is accessible as /Downloads/SomeDoc.docx, anyone that knows the URL can directly download the file. Storing the documents outside the web root and stream them for specific users would be a secure solution.

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
 
Old July 1st, 2010, 05:48 AM
Friend of Wrox
 
Join Date: Feb 2009
Posts: 194
Thanks: 5
Thanked 3 Times in 3 Posts
Default

The files don't need to be that secure they are just used as an incentive to get people to register their consent to receive a newsletter sent out by the company.

Sort of you fill out the form and you get some report for free. Ideally I do not think they will want to have the recipient enter their details each time.

Creating a login section for this seems to be a bit overkill to the client and I don't think they want this.

Is there a way to prevent a page from being displayed if a cookie isn't present? this would mean that even if they did know the url they would be redirected to the registration page if the cookie wasn't present? I suppose I could do that?
__________________
Follow me on twitter.

Where I work.

Connect with me on LinkedIn

Blog
 
Old July 1st, 2010, 05:53 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

For a page this is pretty easy to do:

Code:
protected void Page_Load(object sender, EventArgs e)
{
 if (Request.Cookies["EmailAddress"] == null)
 {
  Response.Redirect("http://www.google.com/");
 }
}
For files such as Word documents this is a bit more difficult as you need to create a module that checks the cookie.

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
 
Old July 1st, 2010, 06:08 AM
Friend of Wrox
 
Join Date: Feb 2009
Posts: 194
Thanks: 5
Thanked 3 Times in 3 Posts
Default

Cool, I am sure I will figure it out. - Just wanted to check if there was a better way of what I intended to do but I think the cookie option is probably the best for what I need.

Cheers
__________________
Follow me on twitter.

Where I work.

Connect with me on LinkedIn

Blog
 
Old July 14th, 2010, 03:02 AM
Authorized User
 
Join Date: May 2010
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Use Session In The Place Of Cookies

Hi Will,

In my opinion Cookies are not a very good solution for it.The possible thing which u can do is use session and take user email at every time he come to your site. Use ASP.NET membership. This requires the user to register and login but is a lot more secure.
If user is authenticate then show the links else not.



Many Thanks
Ankit
Daccit Pvt Ltd
http://www.daccit.com

Last edited by daccit; July 14th, 2010 at 05:29 AM..
 
Old July 14th, 2010, 05:52 AM
Authorized User
 
Join Date: May 2010
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Use Sessions At The Place Of Cookies

Hi Will,

Cookies are not a very good solution for it.The possible thing which you can do is use session and take user email at every time he come to your site. Use ASP.NET membership. This requires user to register and login but it is a lot more secure.
If user is authenticate then show the links else not.



Thanks
Ankit





Similar Threads
Thread Thread Starter Forum Replies Last Post
Collecting Free Source Script cyber_kaley20 Beginning PHP 0 July 28th, 2008 08:43 PM
collecting logon tray Javascript 1 September 4th, 2003 03:34 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.