adopilot

Reputation: 4520

How to secure communication to IFrame window through query string in URL

In my application I am using the MSSQL ReportViewer ASP.NET control inside an Ajax tab panel as an IFrame. I chose to put it in an IFrame because of this answer.
While the iframe is loading, my app sends a query string to the iframe window, something like this inside the URL:

TabID=92&_dc=1362044299421&doc_id=456

The doc_id param is my param, and it is filled in the main window before the IFrame loads.
The _dc parameter, I think, is a parameter that Ajax adds automatically to the query string.

What would be the way to secure the IFrame from unwanted loading by anything other than my main web form?
I do not want to allow users to open a web browser, enter the URL with some other "doc_id" param, pass that to my ASP.NET sub-page and get unwanted data.

How can I secure my sub-page, which opens inside an IFrame, so that it renders only if it is called by my WebForm?
Can this _dc parameter be used as a checksum or key for securing the query string inside the URL?

Upvotes: 0

Views: 429

Answers (1)

fitheflow

Reputation: 411

You should generate a random one-per-session variable in your main form's server-side code, pass it in the URL query, and check that it is correct in your iframe page's server-side code.

Also, you shouldn't forget to check whether your user is authorized, using the same methods (like an authorization cookie) as on the main page.

Upvotes: 1
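
One way to implement the per-session value from the answer above, as an added example that is not part of the original posts: the value kept in the session is a random key and the URL carries an HMAC of doc_id under that key, which goes beyond the answer by tying the token to one specific document. The class and method names, the `tok` query parameter and the `Session["FrameKey"]` key name are hypothetical, and the session is represented here by a plain byte array so the code runs as a console program.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; class, method and parameter names are hypothetical.
static class FrameToken
{
    // Main form, once per session: a random secret that never leaves the server.
    // In WebForms it would be stored in Session["FrameKey"] (assumed key name).
    public static byte[] NewSessionKey()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        return key;
    }

    // Main form: token appended to the iframe URL next to doc_id.
    public static string Issue(byte[] sessionKey, string docId)
    {
        using (var hmac = new HMACSHA256(sessionKey))
            return BitConverter.ToString(
                hmac.ComputeHash(Encoding.UTF8.GetBytes(docId))).Replace("-", "");
    }

    // Iframe page: recompute from the session key, compare without early exit.
    public static bool Verify(byte[] sessionKey, string docId, string token)
    {
        if (sessionKey == null || docId == null || token == null) return false;
        string expected = Issue(sessionKey, docId);
        if (expected.Length != token.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ char.ToUpperInvariant(token[i]);
        return diff == 0;
    }

    static void Main()
    {
        byte[] key = NewSessionKey();          // stands in for the user's session
        string token = Issue(key, "456");      // doc_id value from the question's URL
        Console.WriteLine("doc_id=456&tok=" + token);
        Console.WriteLine(Verify(key, "456", token));             // unchanged doc_id
        Console.WriteLine(Verify(key, "457", token));             // doc_id edited in the URL
        Console.WriteLine(Verify(NewSessionKey(), "456", token)); // token used from another session
    }
}
```

The token check sits alongside the authorization check on the iframe page that the answer mentions; it does not replace it.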
