Reputation: 3241
How best to scramble or otherwise hide get query string values in C# ASP.Net?
I'm working in C# ASP.Net and I want to hide GET values so that users cannot tinker with them. I need this because I'm creating a mechanism to allow for redirecting a POST back to a GET request, to enable browser back button navigation.
My first thought was to stash values in Session, but that seems against best practices for Session use.
What I'm trying to do now is to encrypt the query string and then use the encrypted string in the GET request. The problem is that the encrypted string is extremely long (1000+ charters), when the decrypted string is only about 30 characters.
The encryption logic I took from the MSDN here http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.aspx
Is there a way I can do this to get a shorter encrypted string?
Or, is there just a better way to do this in general?
Upvotes: 1
Views: 1813
Answers (2)
Reputation: 7187
Pass it through a session, best way, even if this wasn't the purpose of a session at the very beginning.
Upvotes: 1
Reputation: 67273
You might try the technique at http://www.blackbeltcoder.com/Articles/security/encrypting-query-arguments.
It encrypts the query arguments and includes a checksum to make tampering difficult.
Upvotes: 3
Related Questions
- How to hide parameters from querystring (url) ASP.NET
- How to remove query string parameters from the url?
- Hide Query String in URL
- ASP.NET : Hide Querystring in URL
- taking query string values without full postback
- How to hide query string in url?
- Redirecting to a page hiding query string parameters asp.net
- How to hide querystring value in url
- How can I hide query string parameters using the Post, Redirect, Get pattern?
- Hide querystring parameters in asp.net