QueryString Hiding

[Shock]

I am interested in hearing what kind of methods are used to hide
QueryStrings when passing data between aspx pages. For instance, I have a
url that looks something like this:

http://localhost/page.aspx?year=2000&userid=100

What ways are there to hide everything following the question mark?

I have found some tutorials online, but they are very vague and I am seeking
a little more detail. As a newbie to asp.net I am interested in learning
all I can about securing the data I am transferring between pages.

Currently, I pass the data in the url exactly like it is above and I use a
function on the other end to extract the variable from the data and put it
into a private variable on the next page.

Thanks ahead!

Shock

 

[Teemu Keiski]

Hi,

you could use Session variables when values are kept in memory for user's
session (at server). Another way could be using cookies (they are readable
if user really wants that but work for 'quick' hiding) or just using
Server.Transfer, when processing of request is transferred to another page
at the server without client browser intervention. Server.Transfer works
like Response.Redirect but the exact difference is that redirect happens
without client browser knowing that (with Response.Redirect browser is
making the actual redirect request).

 

[Cor Ligthert]

Hi Shock,

In addition to Teemu, which gives you the ASPX answer, you can also look at
the Post and Get which are used in ASP (what you are using now).

As far as I remember me are you now using the Get method while the Post hide
also.

Cor

 

[coollzh]

also ,you can use HttpWebRequest object to post data to another page

 

[Tommy]

On the source page, create a form with a hidden field. Store your
QueryString in the hidden field, and post this form to the target
page. This way you can transfer data from the source page to the
target page without using the QueryString.

Tommy,

 

[Kevin Spencer]

That only hides it from the browser address bar. It doesn't keep the values
out of the HTML of the form. The only way to assure that nobody will see the
information is to hold it on the server side, or to encrypt it.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Shock]

Hey guys. I found an interesting article that does what I want.

http://www.dotnetjunkies.com/HowTo/99201486-ACFD-4607-A0CC-99E75836DC72.dcik

Any kind of input on their method would be greatly appreciated. However, I
am pleased with the fact that the view sees this information scrambled.

Shock

 

[Kevin Spencer]

That would do it.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Cor Ligthert]

Hi Shock

Have a look at the message from Teemu, for me this is a horse before a
Ferrari.

Cor

 

[Shock]

Hi Shock

Have a look at the message from Teemu, for me this is a horse before a
Ferrari.

Cor

I am going to look more into that. I am pretty new to asp.net and I don't
have a reference yet so I am blurry on a lot of the details. If you have
any code that could clarify his explanation I would greatly appreciate it.

Thanks!

Shock

 

[Cor Ligthert]

Hi Shock,

Do not become afraid reading it, take the things you understand.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/DIforWC-CH05.asp

I hope this helps,

Cor