Terminates execution of the current page and starts execution of a new page by using the specified URL path of the page. Specifies whether to clear the QueryString and Form collections.
(in System.Web.dll)
Visual Basic (Declaration)
Public Sub Transfer ( _
path As String, _
preserveForm As Boolean _
)
Dim instance As HttpServerUtility
Dim path As String
Dim preserveForm As Boolean
instance.Transfer(path, preserveForm)
public void Transfer(
string path,
bool preserveForm
)
public:
void Transfer(
String^ path,
bool preserveForm
)
public function Transfer(
path : String,
preserveForm : boolean
)
The page transferred to should be another .aspx page. For instance, a transfer to an .asp or .asmx page is not valid.
Transfer calls End, which throws a ThreadAbortException exception upon completion.
If you set preserveForm to true and if the enableViewStateMac attribute of the pages configuration element is true, ASP.NET will raise an exception when Transfer is executed because the view state from the page that calls Transfer is not valid on the destination page. One of the preserved form fields on the calling page is the hidden __VIEWSTATE form field, which holds the view state for the page. When enableViewStateMac is true, ASP.NET runs a message authentication check on the view state of the destination page when the page is posted back from the client and the check will fail.
For security purposes, you should keep the enableViewStateMac attribute set to true, but there are other methods available to transfer forms data. For more information, including recommended solutions, see article Q316920, "View State is Invalid Error Message When You Use Server.Transfer" on the Microsoft Knowledge Base Web site.
ASP.NET does not verify that the current user is authorized to view the resource delivered by the Transfer method. Although the ASP.NET authorization and authentication logic runs before the original resource handler is called, ASP.NET directly calls the handler indicated by the Transfer method and does not rerun authentication and authorization logic for the new resource. If your application's security policy requires clients to have appropriate authorization to access the resource, the application should force reauthorization or provide a custom access-control mechanism.
You can force reauthorization by using the Redirect method instead of the Transfer method. The Redirect method performs a client-side redirect in which the browser requests the new resource. Because this redirect is a new request entering the system, it is subjected to all the authentication and authorization logic of both Internet Information Services (IIS) and ASP.NET security policy.
You can verify that the user has permission to view the resource by incorporating a custom authorization method that uses the IsInRole method before the application calls the Transfer method.
The following example executes a new page in the same directory as the current page.
Server.Transfer("Logon.aspx", true)
Server.Transfer("Logon.aspx", true);
Server.Transfer("Logon.aspx", true)
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98
The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
.NET Framework
Supported in: 3.5, 3.0, 2.0, 1.1, 1.0
Reference