Hi!

I am supposed to post some data to a site, using C#. I could post by just using a form and simple HTML code. But I do not want any user to be able to look at the source code.

My basic code is:

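        // Needs: using System; using System.IO; using System.Net; using System.Text;
        WebRequest request = WebRequest.Create("https://blabla.bla");
        request.ContentType = "application/x-www-form-urlencoded";
        // parameters holds the URL-encoded form body (name=value pairs joined by '&')
        byte[] bytes = Encoding.ASCII.GetBytes(parameters);
        request.Method = "POST";
        try
        {
            request.ContentLength = bytes.Length;
            // Get the request stream once; 'using' closes it even if Write throws,
            // so no second GetRequestStream() call is needed in a finally block
            using (Stream body = request.GetRequestStream())
            {
                body.Write(bytes, 0, bytes.Length);
            }
        }
        catch (Exception e)
        {
            // Do not swallow failures (TLS errors, timeouts) silently
            Console.Error.WriteLine(e);
        }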

This posts the data. But what would I do if I want to be transferred to the URL, bringing the needed variables along? Is it even possible? The site I want to be transferred to uses HTTPS.

A: 

If you want the user to end up at the page, you'll have to do the post from the client. This means the data has to be on the client. You could get the HTML of the page like you've done and write that out to the browser, but then if the user clicked anything or did anything with that rendered HTML, missing sessions/cookies etc. could be a mess.

You could have a JavaScript function in an external minified/obfuscated JS file that took in any necessary parameters, such that you build the form and submit it from that JavaScript function. Yes, a user could still figure out what is happening if they dug deep enough, but the client browser has to know the data in order to send it. You have to find the trade-off between security and your userbase and their likelihood to dig into the source code.

rchern
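
The client-side form post described in the answer above, as an added example that is not part of the original answer. The function names and the `doc` parameter (the browser's `document`, passed in explicitly) are assumptions for illustration; the posted values remain visible in the browser's developer tools whether or not the file is minified.

```javascript
// Added example: buildPostForm and postAndNavigate are hypothetical names.
// `doc` is the browser's `document`; passing it in lets the function be
// exercised outside a browser with a stub.
function buildPostForm(doc, action, fields) {
  // Only post to an absolute https: URL, as in the question.
  const target = new URL(action);
  if (target.protocol !== "https:") {
    throw new Error("refusing to post to non-HTTPS target: " + action);
  }
  const form = doc.createElement("form");
  form.method = "POST";
  form.action = target.href;
  form.style.display = "none";
  for (const [name, value] of Object.entries(fields)) {
    // Set name/value as properties instead of concatenating HTML,
    // so a value containing quotes or tags cannot inject markup.
    const input = doc.createElement("input");
    input.type = "hidden";
    input.name = name;
    input.value = String(value);
    form.appendChild(input);
  }
  return form;
}

// Navigates the browser to `action` with the fields as the POST body,
// so cookies and session state belong to the user's own browser.
function postAndNavigate(doc, action, fields) {
  const form = buildPostForm(doc, action, fields);
  doc.body.appendChild(form);
  form.submit();
  return form;
}
```

In a page this would be called as `postAndNavigate(document, url, values)` from the external script.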