Hide URL (querystring)

[Guest]

Hello to all,

I have a page ASPX that calls to another one.

It does window.open to another URL, and I want to hide the URL because the
user not must see the querystring by security subjects.

I discard properties of window.open (javascript) because the url can be
displayed by contextual menu of IE - > Option Properties.


What options could take to do this?

I have two cases:

1.) I am within the same application Web.

A page aspx http://localhost:2121/TareaRevision/WFImagenes.aspx it opens to
another page aspx of the same application Web

2.) I have two applications Web.

A page aspx
http://localhost:2121/TareaRevision/WFGraficas.aspx

it calls to another page aspx of another application Web
http://localhost:2121/RepartoWF/WFTareaRevision.aspx?idvaloracion=533

The question is to hide querystring idvaloracion.

I discard use of frames. I do not know if with method POST it would be
possible to be done or even with Session; the problem would be when an
application Web calls to the other.

Thanks in advance. Greetings.

Any help will be appreciated

 

[Aidy]

It does window.open to another URL, and I want to hide the URL because the

user not must see the querystring by security subjects.

Not possible, you'll have to think of another way.

Would it be enough to encrypt the data on the querystring then have the
receiving page decrypt it?

 

[Guest]

I think it is possible encrypt-decrypt data for my project.

How I can do this ? Any help , please ?

I need some C# methods for encrypt-decrypt arguments of querystring

Thanks in advance.

 

[Mike]

Hi,

There are a couple of ways that I can think of but I think whit your after
is URL Rewriting which allows you to rewrite the url to a more friendly
name. This would allow you to pass across the querystring as normal then
rewrite to hide the info. A good article to read is:

http://msdn2.microsoft.com/en-us/library/ms972974.aspx

- Mike

---------------------------------------------------------------------------------
<a href="http://www.cogitar.net"> Cogitar Software. (
http://www.cogitar.net ) </a>
http://www.cogitar.net Cogitar Software. (Software Development and Managment
Systems)
http://www.web-dominion.co.uk Web-Dominion. (Web Design and hosting )
http://shop-dominion.com (senery landscape pictur gallery)

 

[Laurent Bugnion, MVP]

Hi,

Hello to all,

I have a page ASPX that calls to another one.

It does window.open to another URL, and I want to hide the URL because the
user not must see the querystring by security subjects.

Additionally to what others suggested, you can use POST with the
"target" attribute set to the new window's name? POST is usually what's
used when the user shouldn't see the variables. You can transmit all the
variables you now put in the querystring using hidden fields in the
form. JavaScript can handle that.

Note however that any HTTP sniffer like Fiddler will show the sent
variables in clear text, so this is not secure, it's just a convenience.

HTH,
Laurent

 

[Guest]

I have tested these:

1. Server.Transfer (Page, false);

Its appears the following error:

For Invalid path child request
'http://localhost:2121/TareaRevision/WFTareaRevision.aspx'. To virtual path
is expected.

2. Response.Redirect
I discard it because the URL can be displayed by user

3. POST

I have made the PostBack like this

<script type= " text/Javascript " language= " Javascript " >
document.forms [0] .target = “_blankâ€;
document.forms [0] .action = “<%= Page %>â€;
document.forms [0] .submit ();
</script>

And it appears an error:

Validation of viewstate MAC failed. If this application is hosted by to Web
Farm or to cluster, ensure that <machineKey> configuration specifies the same
validationKey and validation algorithm. AutoGenerate cannot be used in a to
cluster. In any case if one becomes by POST it would appear the value of
idvaloración in the code of the page aspx that does submit.

I think the best solution is encrypt url,isnt ? Or use URL Rewrite...

Thanks in advance, any information about it will be appreciated