Response Redirect with POST instead of Get

Question

We have the requirement to take a form submission and save some data  then redirect the user to a page offsite  but in redirecting  we need to  submit  a form with POST  not GET   I was hoping there was an easy way to accomplish this  but I m starting to think there isn t   I think I must now create a simple other page  with just the form that I want  redirect to it  populate the form variables  then do a body onload call to a script that merely calls document forms 0  submit     Can anyone tell me if there is an alternative   We might need to tweak this later in the project  and it might get sort of complicated  so if there was an easy we could do this all non-other page dependent that would be fantastic   Anyway  thanks for any and all responses

User · Answer

This should make life much easier  You can simply use Response RedirectWithData      method in your web application easily   Imports System Web Imports System Runtime CompilerServices  Module WebExtensions       lt Extension   gt        Public Sub RedirectWithData ByRef aThis As HttpResponse  ByVal aDestination As String                                    ByVal aData As NameValueCollection          aThis Clear           Dim sb As StringBuilder   New StringBuilder            sb Append   lt html gt            sb AppendFormat   lt body onload  document forms   form    submit    gt            sb AppendFormat   lt form name  form  action   0   method  post  gt    aDestination           For Each key As String In aData             sb AppendFormat   lt input type  hidden  name   0   value   1     gt    key  aData key           Next          sb Append   lt  form gt            sb Append   lt  body gt            sb Append   lt  html gt             aThis Write sb ToString             aThis End       End Sub  End Module

User · Answer

Thought it might interesting to share that heroku does this with it s SSO to Add-on providers  An example of how it works can be seen in the source to the  kensa  tool   https   github com heroku kensa blob d4a56d50dcbebc2d26a4950081acda988937ee10 lib heroku kensa post proxy rb  And can be seen in practice if you turn of javascript   Example page source    lt  DOCTYPE HTML gt   lt html gt     lt head gt       lt meta http-equiv  Content-Type  content  text html  charset utf-8    gt       lt title gt Heroku Add-ons SSO lt  title gt     lt  head gt      lt body gt       lt form method  POST  action  https   XXXXXXXX sso login  gt            lt input type  hidden  name  email  value  XXXXXXXX    gt            lt input type  hidden  name  app  value  XXXXXXXXXX    gt            lt input type  hidden  name  id  value  XXXXXXXX    gt            lt input type  hidden  name  timestamp  value  1382728968    gt            lt input type  hidden  name  token  value  XXXXXXX    gt            lt input type  hidden  name  nav-data  value  XXXXXXXXX    gt        lt  form gt        lt script type  text javascript  gt        document forms 0  submit         lt  script gt     lt  body gt   lt  html gt

User · Answer

Doing this requires understanding how HTTP redirects work   When you use Response Redirect    you send a response  to the browser that made the request  with HTTP Status Code 302  which tells the browser where to go next   By definition  the browser will make that via a GET request  even if the original request was a POST   Another option is to use HTTP Status Code 307  which specifies that the browser should make the redirect request in the same way as the original request  but to prompt the user with a security warning   To do that  you would write something like this   public void PageLoad object sender  EventArgs e           Process the post on your side         Response Status    307 Temporary Redirect       Response AddHeader  Location    http   example com page to post to        Unfortunately  this won t always work   Different browsers implement this differently  since it is not a common status code      Alas  unlike the Opera and FireFox developers  the IE developers have never read the spec  and even the latest  most secure IE7 will redirect the POST request from domain A to domain B without any warnings or confirmation dialogs  Safari also acts in an interesting manner  while it does not raise a confirmation dialog and performs the redirect  it throws away the POST data  effectively changing 307 redirect into the more common 302    So  as far as I know  the only way to implement something like this would be to use Javascript   There are two options I can think of off the top of my head    Create the form and have its action attribute point to the third-party server   Then  add a click event to the submit button that first executes an AJAX request to your server with the data  and then allows the form to be submitted to the third-party server  Create the form to post to your server   When the form is submitted  show the user a page that has a form in it with all of the data you want to pass on  all in hidden inputs   Just show a message like  Redirecting       Then  add a javascript event to the page that submits the form to the third-party server    Of the two  I would choose the second  for two reasons   First  it is more reliable than the first because Javascript is not required for it to work  for those who don t have it enabled  you can always make the submit button for the hidden form visible  and instruct them to press it if it takes more than 5 seconds   Second  you can decide what data gets transmitted to the third-party server  if you use just process the form as it goes by  you will be passing along all of the post data  which is not always what you want   Same for the 307 solution  assuming it worked for all of your users   Hope this helps

User · Answer

PostbackUrl can be set on your asp button to post to a different page   if you need to do it in codebehind  try Server Transfer

User · Answer

The GET  and HEAD  method should never be used to do anything that has side-effects  A side-effect might be updating the state of a web application  or it might be charging your credit card  If an action has side-effects another method  POST  should be used instead   So  a user  or their browser  shouldn t be held accountable for something done by a GET  If some harmful or expensive side-effect occurred as the result of a GET  that would be the fault of the web application  not the user  According to the spec  a user agent must not automatically follow a redirect unless it is a response to a GET or HEAD request   Of course  a lot of GET requests do have some side-effects  even if it s just appending to a log file  The important thing is that the application  not the user  should be held responsible for those effects   The relevant sections of the HTTP spec are 9 1 1 and 9 1 2  and 10 3

User · Answer

HttpWebRequest is used for this   On postback  create a HttpWebRequest to your third party and post the form data  then once that is done  you can Response Redirect wherever you want   You get the added advantage that you don t have to name all of your server controls to make the 3rd parties form  you can do this translation when building the POST string   string url    3rd Party Url    StringBuilder postData   new StringBuilder     postData Append  first name     HttpUtility UrlEncode txtFirstName Text      amp     postData Append  last name     HttpUtility UrlEncode txtLastName Text       ETC for all Form Elements     Now to Send Data  StreamWriter writer   null   HttpWebRequest request    HttpWebRequest WebRequest Create url   request Method    POST   request ContentType    application x-www-form-urlencoded                           request ContentLength   postData ToString   Length  try       writer   new StreamWriter request GetRequestStream         writer Write postData ToString       finally       if  writer    null          writer Close       Response Redirect  NewPage      However  if you need the user to see the response page from this form  your only option is to utilize Server Transfer  and that may or may not work

User · Answer

Something new in ASP Net 3 5 is this  PostBackUrl  property of ASP buttons   You can set it to the address of the page you want to post directly to  and when that button is clicked  instead of posting back to the same page like normal  it instead posts to the page you ve indicated   Handy  Be sure UseSubmitBehavior is also set to TRUE

User · Answer

Typically  all you ll ever need is to carry some state between these two requests  There s actually a really funky way to do this which doesn t rely on JavaScript  think  lt noscript      Set-Cookie  name value  Max-Age 120  Path  redirect html   With that cookie there  you can in the following request to  redirect html retrieve the name value info  you can store any kind of information in this name value pair string  up to say 4K of data  typical cookie limit   Of course you should avoid this and store status codes and flag bits instead   Upon receiving this request you in return respond with a delete request for that status code   Set-Cookie  name value  Max-Age 0  Path  redirect html   My HTTP is a bit rusty I ve been going trough RFC2109 and RFC2965 to figure how reliable this really is  preferably I would want the cookie to round trip exactly once but that doesn t seem to be possible  also  third-party cookies might be a problem for you if you are relocating to another domain  This is still possible but not as painless as when you re doing stuff within your own domain   The problem here is concurrency  if a power user is using multiple tabs and manages to interleave a couple of requests belonging to the same session  this is very unlikely  but not impossible  this may lead to inconsistencies in your application   It s the  lt noscript   way of doing HTTP round trips without meaningless URLs and JavaScript  I provide this code as a prof of concept  If this code is run in a context that you are not familiar with I think you can work out what part is what   The idea is that you call Relocate with some state when you redirect  and the URL which you relocated calls GetState to get the data  if any    const string StateCookieName    state    static int StateCookieID   protected void Relocate string url  object state        var key          StateCookieName   Interlocked          Add ref StateCookieID  1  ToInvariantString         var absoluteExpiration   DateTime Now          Add new TimeSpan 120   TimeSpan TicksPerSecond         Context Cache Insert key  state  null  absoluteExpiration          Cache NoSlidingExpiration        var path   Context Response ApplyAppPathModifier url        Context Response Cookies          Add new HttpCookie StateCookieName  key                        Path   path              Expires   absoluteExpiration                  Context Response Redirect path  false      protected TData GetState lt TData gt        where TData   class       var cookie   Context Request Cookies StateCookieName       if  cookie    null                var key   cookie Value          if  key IsNonEmpty                          var obj   Context Cache Remove key                Context Response Cookies                  Add new HttpCookie StateCookieName                                         Path   cookie Path                       Expires   new DateTime 1970  1  1                                    return obj as TData                      return null

User · Answer

You can use this aproach   Response Clear     StringBuilder sb   new StringBuilder    sb Append   lt html gt     sb AppendFormat    lt body onload  document forms   form    submit    gt     sb AppendFormat   lt form name  form  action   0   method  post  gt   postbackUrl   sb AppendFormat   lt input type  hidden  name  id  value   0   gt    id      Other params go here sb Append   lt  form gt     sb Append   lt  body gt     sb Append   lt  html gt      Response Write sb ToString      Response End      As result right after client will get all html from server the event onload take place that triggers form submit and post all data to defined postbackUrl

User · Answer

I suggest building an HttpWebRequest to programmatically execute your POST and then redirect after reading the Response if applicable

User · Answer

Matt   You can still use the HttpWebRequest  then direct the response you receive to the actual outputstream response  this would serve the response back to the user  The only issue is that any relative urls would be broken   Still  that may work

User · Answer

Copy-pasteable code based on Pavlo Neyman s method  RedirectPost string url  T bodyPayload  and GetPostData   are for those who just want to dump some strongly typed data in the source page and fetch it back in the target one  The data must be serializeable by NewtonSoft Json NET and you need to reference the library of course   Just copy-paste into your page s  or better yet base class for your pages and use it anywhere in you application    My heart goes out to all of you who still have to use Web Forms in 2019 for whatever reason           protected void RedirectPost string url  IEnumerable lt KeyValuePair lt string string gt  gt  fields                        Response Clear                 const string template      lt html gt   lt body onload  document forms   form    submit    gt   lt form name  form  action   0   method  post  gt   1   lt  form gt   lt  body gt   lt  html gt                 var fieldsSection   string Join                      Environment NewLine                      fields Select x   gt     lt input type  hidden  name   HttpUtility UrlEncode x Key    value   HttpUtility UrlEncode x Value    gt                                    var html   string Format template  HttpUtility UrlEncode url   fieldsSection                Response Write html                Response End                       private const string JsonDataFieldName     jsonData            protected void RedirectPost lt T gt  string url  T bodyPayload                        var json   JsonConvert SerializeObject bodyPayload  Formatting Indented                 explicit type declaration to prevent recursion             IEnumerable lt KeyValuePair lt string  string gt  gt  postFields   new List lt KeyValuePair lt string  string gt  gt                     new KeyValuePair lt string  string gt  JsonDataFieldName  json                 RedirectPost url  postFields                       protected T GetPostData lt T gt    where T  class                        var urlEncodedFieldData   Request Params JsonDataFieldName               if  string IsNullOrEmpty urlEncodedFieldData                                 return null    default T                              var fieldData   HttpUtility UrlDecode urlEncodedFieldData                var result   JsonConvert DeserializeObject lt T gt  fieldData               return result

User · Answer

Here s what I d do    Put the data in a standard form  with no runat  server  attribute  and set the action of the form to post to the target off-site page  Before submitting I would submit the data to my server using an XmlHttpRequest and analyze the response  If the response means you should go ahead with the offsite POSTing then I  the JavaScript  would proceed with the post otherwise I would redirect to a page on my site

User · Answer

In PHP  you can send POST data with cURL  Is there something comparable for  NET    Yes  HttpWebRequest  see my post below

[asp.net] Response.Redirect with POST instead of Get?

Examples related to asp.net

Examples related to https

Examples related to response.redirect