How to pass values in URL in c#

Question

I am redirecting to a page changepassword, I want to pass the useremail and password in the url which I get in the current page. How can I pass it in the url. I dont want to use session or cookie.

 Response.Redirect("ChangePassword.aspx");

Answer 1

First of all, the Response.Redirect method supports a full URL as the parameter, so you can use:

Response.Redirect("ChangePassword.aspx?Username=sweko&password=secret");

That will redirect the browser to that page, and the user will be free to inspect and modify the URL further, just the same as if he entered it manually.

There is absolutely nothing that will prevent the user to enter another user's username and there is no way that you'll be able to prevent a malicious onlooker from looking at the URL, so sending security information in the URL is a horrible, horrible idea.

Answer 2

Please use Session object to keep this information!!!

Have a look ASP.NET Session State Overview

Don't use

Response.Redirect("ChangePassword.aspx?password=_543k@sdfPASS");

to send any security data!!!

Answer 3

Response.Redirect("ChangePassword.aspx?username=user&password=pass"); same as Querystring passed from Ajax.
but that's not a good idea

Answer 4

well you can append querystring parameters like this:

Response.Redirect("ChangePassword.aspx?test=value1&test2=value2");

surely I would not put any password in there anyway...

Answer 5

Response.Redirect("ChangePassword.aspx?MyParam=MyValue");

See: http://msdn.microsoft.com/en-us/library/t9dwyts4%28v=VS.90%29.aspx