securing querystring

hi people i have this issue , and am seeking solution i want to prevent user from making changes to querystring coz i pass some parameters i tried the querystringmodule that encrypt the query string but no luck coz if the user opened the page source he will see all the links. i also tried some mod-rewrite or url rewrite , but its complex and also can be changed by user (its not secure, its just makes the query string pretty ) now i used iframe in home.aspx page and the src is my login page of the application , so the user see only home.aspx in the address bar but the problem is that the user can open the iframe content in any new window so i need to prevent any access to the application that comes from other windows (not from the iframe). please give me ideas or solutions thanks