i want to hide url parameters.
for example /default.aspx?id=23
here i want to hide parameter id so any user cann't change this parameter in url.
or another is if user change id=23 to 27 then same page will be displayed.it means the page for id=23 could not be change for changing id in url. what is solution for this?
解决方案(1)Use a form and POST the information. This might require additional code in source pages, but should not require logic changes in the target pages (merely change Request.QueryString to Request.Form). While POST is not impossible to muck with, it's certainly less appealing than playing with QueryString parameters.
(2)Use session variables to carry information from page to page. This is likely a more substantial effort compared to (1), because you will need to take session variable checking into account (e.g. the user might now have a difficult time navigating around using their Back and Forward buttons, if you are constantly checking state). You will also need to deal with the case where session cookies are not enabled (this solution will not work for these people).
(3)Use "encoded" or non-sensical information in the QueryString in place of the real data. This will require the effort of creating an encoding and decoding scheme on either end of all page submissions. Sure, users can still experiment and reverse engineer your scheme, however they will be less likely to quickly come up with meaningful changes to the existing QueryString.
(4)Use framesets. I really don't recommend this approach, though it is quite common. If you're trying to hide the information as opposed to making it more difficult to modify, users can still right-click the individual frames and click properties, in order to retrieve all of the information passed via QueryString.
(5)Use Server.Transfer to move control to a second page, which will still have access to the QueryString parameters passed to the first page (the URL of which was visible only briefly).
One problem with moving away from QueryStrings is that they make your site harder to use. If you are relying on any method other than (3), it is impossible for users to bookmark the current page as is... they can only bookmark the page in a way that resembles what would have happened if they had simply typed the URL in (which might not even work, depending on how you've constructed the page). So that's just one thing to keep in mind when deciding how sensitive your information really is, and how far you're willing to go in the balance of usability vs. security.
Also check these pages out;
http://www.codeproject.com/aspnet/urlrewriter.asp[^]
http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx[^]
Hiding any part of a url is highly suspicious. It is the sort of thing that is used in phishing attacks.
If you look at the url displayed for your question it does not use an id, it uses a named page. This is a far better way to do it.
0) You could create a GUID string and place your value at a known position in the string.
1) I think you can actually hide the query string (not display it in the address bar) - google is your friend.
2) google "asp.net single sign-on"
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
