Priyanka Desai

Reputation: 63

How to handle query string in ASP.NET MVC 5

I have an ASP.NET MVC 5 website. I have used an action link while designing a table to display a list of data. While navigating from that action link, I have passed a class object as a parameter. After visiting that link, it parses that object parameter as a long query string, which exposes data in the URL.

What is the way to handle a query string in MVC?

Is it possible to hide the query string, or is there a way to pass an object as a parameter without exposing it in the URL?

Upvotes: 0

Views: 322

Answers (1)

Georg Patscheider

Reputation: 9463

You cannot hide the query string; it is part of the URL. You could encrypt it, though.

One solution would be to use a POST request instead of a GET. Then you can send the data in the body of the request, and it will not show up in the URL. But it will still be accessible if you inspect the network traffic (e.g. if you run Fiddler on the client computer).

Another solution would be to still use a GET request, but instead of passing all the data, just pass an ID, then load the data again from the database using this ID. Note that this ID can be spoofed too, so make sure the user actually has the permissions to request this ID.

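@* The trailing null (htmlAttributes) selects the overload whose third argument is the controller name. *@
@Html.ActionLink("Show details", "Details", "Data", new { dataId = Model.Id }, null)

[HttpGet]
public ActionResult Details(long dataId) {
    // Reload the record on the server from the ID instead of trusting data sent in the URL.
    var data = _dbContext.Data.Find(dataId);
    if (data == null) {
        return HttpNotFound(); // unknown or deleted ID
    }
    // Check here that the current user may read this record before returning it.
    var vm = new DataDetailsViewModel(data);
    return View("Details", vm);
}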

Upvotes: 2
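
The permission check the answer asks for, written out as an added example (not code from the answer). It assumes ASP.NET Identity for the current user's ID, a hypothetical `DataRecord` entity with an `OwnerId` column, and a hypothetical `IDataStore` abstraction supplied through whatever dependency resolver the site uses:

```csharp
using System.Web.Mvc;
using Microsoft.AspNet.Identity; // GetUserId() extension on IIdentity

// Hypothetical entity: OwnerId records which user the row belongs to.
public class DataRecord
{
    public long Id { get; set; }
    public string OwnerId { get; set; }
    public string Title { get; set; }
}

// Hypothetical storage abstraction, for example a thin wrapper over a DbContext.
public interface IDataStore
{
    DataRecord Find(long id);
}

[Authorize] // anonymous requests are rejected before the action runs
public class DataController : Controller
{
    private readonly IDataStore _store;

    public DataController(IDataStore store)
    {
        _store = store;
    }

    [HttpGet]
    public ActionResult Details(long dataId)
    {
        var data = _store.Find(dataId);
        var userId = User.Identity.GetUserId();

        // Return the same 404 for "no such record" and "someone else's record",
        // so changing dataId in the URL does not reveal which IDs exist.
        if (data == null || data.OwnerId != userId)
        {
            return HttpNotFound();
        }

        return View("Details", data);
    }
}
```

The ownership comparison runs on every request, so a link copied or edited by another signed-in user yields a 404 rather than the record.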
