I am wondering if the following is possible... I want to essentially accept a URL but hide the URL parameters. (have an existing ASP.NET web forms app - 4.0 on IIS 7 that I want to modify)
The effect that I am looking for is to accept a URL such as the following
http:/mysite/page.aspx?param1=100
But then have the what shows in the address bar not be something that could be copied and pasted into another browser session as a valid URL. Perhaps something like (assumes that the param1 is required)
http:/mysite/page.aspx
I have looked at a number of resources on SO and elsewhere, such as: Code Project How to Hide Params, Hide a QueryString parameters, how?, hide parameters passing to controller in address bar (URL rewrite or something else), ScottGu Rewriting URL
I know this is not the greatest idea, is not secure, etc, etc. I have a sense that it is not really possible either. The reason I want to do this is to provide a very thin layer of security. This is an internal only web app. Again, I know that it's not real security. I have considered all of the following techniques but don't see how any could work.
- Session with redirect
- URL rewrite
- POST
- Server.Transfer
I'd really rather not recreate my pages as posts. Am I correct: this is not possible? No way to just accept a valid URL with parameters but then what is left showing in the address bar of browser is not valid, or at least has parameters stripped out?
Aucun commentaire:
Enregistrer un commentaire