How to hide Querystring Parameters

Sandesh M Patil

I am Redirecting mypage to another page and passing username & password from Query string. I want hide them. Actually i dont want to use Session, Cookies, Context, Server.Transfer and any other state management technique. I just want to use Querystring and want to hide it and also dont want to encrypt and decrypt Querystring. Thanks for any help..... :)

DaveAuld

Not asking much then, if you don't want to use the various things provided. Think you should maybe rethink on why you don't want to use those topics, and what exactly you are wanting to achieve. You can also try here for more info on various methods; http://tinyurl.com/383rkbo[^]

Dave Don't forget to rate messages!
Find Me On: Web|Facebook|Twitter|LinkedIn
Waving? dave.m.auld[at]googlewave.com

Dinesh Mani

First of all passing password on your URL is bad, what ever way you do it. If you wish to not use session/cookies/server.transfer then you are left with only querystring or the request.form objects. As far as I know you cannot hide data from querystring, you can encrypt/decrypt it though, but you don't want to do it. So, you have to go the classic ASP way and POST the data to the new page and get the data using request.form. HTH!

Brij

sandympatil wrote:

Actually i dont want to use Session, Cookies, Context, Server.Transfer and any other state management technique. I just want to use Querystring

You dont want ot use any other any other state management technique and just want ot use querystring. AFAIK,There is no way to hide querystring parameter else you have to use another way.Better you can encrypt/decrypt if you have to stick with querystring. Generally it is not recommendsed to use querystring for sensitive data like yours.

Cheers!! Brij Check my latest Article :URL Routing with ASP.NET 4.0

daveyerwin

sandympatil wrote:

just want to use Querystring and want to hide it

OOkay , here is what the "login" page looks like...

</head>
<body>
<form action=''>
enter password<br>
<input type="password" name="password" >
<input type="submit" >
</form>
</body>
<script type="text/javascript">
xhr = new XMLHttpRequest();
myredirect = function () {
xhr.open("GET", "http://whoever.com/Default3.aspx?" + document.forms[0].password.value, true);
xhr.onreadystatechange = function () {
if (this.readyState == 4) {
if (this.responseText == "failed") { alert("failed"); }
else {
window.location.replace(this.responseText);
}
}
}
xhr.send(null);
return false;
}
document.forms[0].onsubmit = myredirect;
</script>
</html>

hereis the aspx file ...

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default3.aspx.cs" Inherits="Default3" %>

here is the aspx.cs ...

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Default3 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (Request.QueryString.ToString() == "password")
{
Response.Write("http://www.msn.com");
Response.End();
}
else
{
Response.Write("failed");
Response.End();

    }

}

}

Sandesh M Patil

Thanks for Reply.......... :)

daveyerwin

As always, you are more than welcome. Thank you for the "vote up".

Lost User

Following links will be useful to hide querystring from user/tempering. http://forums.asp.net/t/1160712.aspx[^] http://www.webmasterworld.com/forum47/2190.htm[^] http://www.experts-exchange.com/Web/Q_21965189.html[^] Hope this will help!

Jinal Desai - LIVE

Husain Ahmad Khalid

Once I had the same problem, but it was a special case, I used to send the user name and password from server to client PC and then from client PC using JavaScript to another server using post method, I know it is not a secure solution, but temporary you can use this technique. Thanks Khalid, Afghanistan