ASP.NET : Hide Querystring in URL

Question

I don't know if I'm just being overly hopeful, but is there a way to hide the query string returned in the URL?

The scenario I am in is where I have page1.aspx redirecting a command to an outside server via a post, and it returns it to page2.aspx. The only problem I have with this, is that the querystring of the returned variables are still left in the URL.

I just want to hide the ugly string/information from the common user. So is there a way to edit and reload that in the pageload method or do I just have to save the variables on a middleman page and then hit page 2.

Answer 1

I don't like this approach, but it will work.

Once you know you are where you need to be you can Response.Redirect to the same page and they will be gone.

Answer 2

What is the origin of these querystring variables? Can you not submit all data as POST data, so that there is no querystring?

Answer 3

You could possibly also use

Context.RewritePath("/foo.aspx")

Here's a link to a ScottGu blog post about URL rewriting.

http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx

Answer 4

Awhile back I made some http encoding encrypt/decrypt methods for this purpose. Sometimes in asp.net you need to use the query string, but you also need the end user to not know the value. What I do is base 64 encode, encrypt the value, hash the value based on my private key, and stick them together with a -. On the other side I check the left side hash to verify authenticity, and decrypt the right side. One really nice gotcha is that + (which is a valid base64 string value) is equal to space in html encoding, so I take that into account in the decrypt.

The way I use this is add the encrypted value to the query string, and then decrypt it on the other side

    private const string KEY = "<random value goes here>";

    public static string EncryptAndHash(this string value)
    {
        MACTripleDES des = new MACTripleDES();
        MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
        des.Key = md5.ComputeHash(Encoding.UTF8.GetBytes(KEY));
        string encrypted = Convert.ToBase64String(des.ComputeHash(Encoding.UTF8.GetBytes(value))) + '-' + Convert.ToBase64String(Encoding.UTF8.GetBytes(value));

        return HttpUtility.UrlEncode(encrypted);
    }

    /// <summary>
    /// Returns null if string has been modified since encryption
    /// </summary>
    /// <param name="encoded"></param>
    /// <returns></returns>
    public static string DecryptWithHash(this string encoded)
    {
        MACTripleDES des = new MACTripleDES();
        MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
        des.Key = md5.ComputeHash(Encoding.UTF8.GetBytes(KEY));

        string decoded = HttpUtility.UrlDecode(encoded);
        // in the act of url encoding and decoding, plus (valid base64 value) gets replaced with space (invalid base64 value). this reverses that.
        decoded = decoded.Replace(" ", "+");
        string value = Encoding.UTF8.GetString(Convert.FromBase64String(decoded.Split('-')[1]));
        string savedHash = Encoding.UTF8.GetString(Convert.FromBase64String(decoded.Split('-')[0]));
        string calculatedHash = Encoding.UTF8.GetString(des.ComputeHash(Encoding.UTF8.GetBytes(value)));

        if (savedHash != calculatedHash) return null;

        return value;
    }

Answer 5

Thank you Matt Briggs for the resoultion.. i have been looking for this solution for quite some time and found it here. Works like a charm . Many many thanks :)