how to hide parameters in url

Question

0.00/5 (No votes)

See more:

i want to hide url parameters.
for example /default.aspx?id=23
here i want to hide parameter id so any user cann't change this parameter in url.
or another is if user change id=23 to 27 then same page will be displayed.it means the page for id=23 could not be change for changing id in url. what is solution for this?

Posted 17-Feb-11 5:33am

tanuja karkar

Add a Solution

3 solutions

Solution 3

Hiding any part of a url is highly suspicious. It is the sort of thing that is used in phishing attacks.

If you look at the url displayed for your question it does not use an id, it uses a named page. This is a far better way to do it.

Posted 17-Feb-11 5:42am

Henry Minute

Comments

Sergey Alexandrovich Kryukov 17-Feb-11 15:45pm

Henry, this is the best answer so far, my 5.
Suggest it as a final answer to be accepted by OP.
I would also combine it with the recommendation to use POST instead of URL parameter -- simple refer to other Answers.
--SA

Solution 1

0) You could create a GUID string and place your value at a known position in the string.

1) I think you can actually hide the query string (not display it in the address bar) - google is your friend.

2) google "asp.net single sign-on"

Posted 17-Feb-11 5:38am

#realJSOP

Updated 17-Feb-11 5:39am

v2

Comments

Ashishmau 18-Feb-11 1:54am

use urlrewriting for this

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Orcun Iyigun** · Accepted Answer · 2011-02-17T05:41:00

(1)Use a form and POST the information. This might require additional code in source pages, but should not require logic changes in the target pages (merely change Request.QueryString to Request.Form). While POST is not impossible to muck with, it's certainly less appealing than playing with QueryString parameters.

(2)Use session variables to carry information from page to page. This is likely a more substantial effort compared to (1), because you will need to take session variable checking into account (e.g. the user might now have a difficult time navigating around using their Back and Forward buttons, if you are constantly checking state). You will also need to deal with the case where session cookies are not enabled (this solution will not work for these people).

(3)Use "encoded" or non-sensical information in the QueryString in place of the real data. This will require the effort of creating an encoding and decoding scheme on either end of all page submissions. Sure, users can still experiment and reverse engineer your scheme, however they will be less likely to quickly come up with meaningful changes to the existing QueryString.

(4)Use framesets. I really don't recommend this approach, though it is quite common. If you're trying to hide the information as opposed to making it more difficult to modify, users can still right-click the individual frames and click properties, in order to retrieve all of the information passed via QueryString.

(5)Use Server.Transfer to move control to a second page, which will still have access to the QueryString parameters passed to the first page (the URL of which was visible only briefly).

One problem with moving away from QueryStrings is that they make your site harder to use. If you are relying on any method other than (3), it is impossible for users to bookmark the current page as is... they can only bookmark the page in a way that resembles what would have happened if they had simply typed the URL in (which might not even work, depending on how you've constructed the page). So that's just one thing to keep in mind when deciding how sensitive your information really is, and how far you're willing to go in the balance of usability vs. security.

Also check these pages out;
http://www.codeproject.com/aspnet/urlrewriter.asp[^]
http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx[^]