views: 332
answers: 6

I need to be able to open up an external URL in my website without revealing it to my users (both in the browser and in the source). I do not want them to be able to copy the URL and edit the query string to their liking. Is there a way to open the URL in an iframe, or something of the like, and hide/mask its source?

This is an ASP.NET 2.0 website.

+3  A: 

No. If you are having the client's machine do something (i.e., point their browser to a web page), you cannot keep that information from them.

You can render that page server side in a flash widget or some other container but you can't do it on the client's machine.

Kevin
+1  A: 

Best bet: You can make a server-side XMLHTTP request, grab the response and feed it back into your page using AJAX.

Diodeus
+1  A: 

You could possibly do it server side by:

  1. Opening a network connection to the site you want
  2. Obtaining the HTML from an HTML/GET request on the URL
  3. Inserting it into your page on the server side

That would probably slow down your page load considerably though, and could come coupled with legal issues.

workmad3
+3  A: 

Could you do the following:

  1. Accept parameters from the user.
  2. Have a webpage or backend process which uses this to download the PDF to a temporary store.
  3. Then stream this to the client, so they don't know about the URL where the PDF is generated? (or just stream directly, without downloading temporarily.)

This way users would never know about the other site, and it should be much more secure.

This could also use some validation/authentication so users are unable to alter the parameters passed to retrieve other users' PDFs.

Bravax
stream directly +1
Sunny
+1  A: 

I had a similar problem myself a while ago and did something along these lines (C# .NET 2.0):

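    using System.IO;
    using System.Net;

    // Place this method in a Page or handler class, where Response is the
    // current HttpResponse.
    public void StreamURLContents(string URL)
    {
        // The server fetches URL as-is; build it server-side rather than
        // from raw request input.
        WebRequest req = WebRequest.Create(URL);

        using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
        using (Stream dataStream = resp.GetResponseStream())
        using (StreamReader reader = new StreamReader(dataStream))
        {
            string currentLine = reader.ReadLine();
            while (currentLine != null)
            {
                // ReadLine strips the line terminator, so write it back.
                Response.Output.WriteLine(currentLine);
                currentLine = reader.ReadLine();
            }
        }
    }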

You would have to tailor the writing of the HTML to suit your particular application obviously, and you'd break all of the relative links in the target site (image URLs, CSS links etc.), but if you're only after simple text HTML and want your web app to grab it server-side, then this is a good way to go.

C.McAtackney
A: 

You can make a one-time URL by doing the following:

  1. Store a GUID in a database
  2. Allow the client to request the GUID via hyperlink or other means. The GUID is used in the URL as the fake page; example: http://www.company.com/foo/abc-123-efg-456.aspx
  3. Use URL Rewriting to capture and inspect all requests to the directory "foo" and redirect to your handler.
  4. Confirm the GUID is valid, then mark it as "expired" in the database
  5. Send the appropriate data (a PDF?) to the client as the response to the request.
  6. Any subsequent requests to the same URL fail.
AndrewDotHay
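
One way to implement steps 4 to 6 of the one-time URL answer above, as an added example that is not part of any answer on this page. The class name `OneTimeLinkStore`, the in-memory dictionary standing in for the database table, the binding of each token to a signed-in user, and the expiry time are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example: single-use link tokens. The dictionary stands in for the
// database table from step 1; class and member names are hypothetical.
public class OneTimeLinkStore
{
    private class Entry { public string DocumentId; public string Owner; public DateTime ExpiresUtc; }
    private readonly Dictionary<Guid, Entry> _entries = new Dictionary<Guid, Entry>();
    private readonly object _sync = new object();

    // Steps 1-2: issue a token bound to one document and one signed-in user.
    public Guid Issue(string documentId, string owner, TimeSpan lifetime)
    {
        // Fill the GUID from the OS CSPRNG so the URL is unguessable.
        byte[] raw = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(raw);
        Guid token = new Guid(raw);
        Entry e = new Entry();
        e.DocumentId = documentId;
        e.Owner = owner;
        e.ExpiresUtc = DateTime.UtcNow.Add(lifetime);
        lock (_sync) { _entries[token] = e; }
        return token;
    }

    // Steps 4-6: look up and expire under one lock, so two concurrent requests
    // for the same URL cannot both succeed (in SQL: one conditional UPDATE).
    public bool TryRedeem(string tokenText, string currentUser, out string documentId)
    {
        documentId = null;
        Guid token;
        try { token = new Guid(tokenText); }   // .NET 2.0 has no Guid.TryParse
        catch (ArgumentNullException) { return false; }
        catch (FormatException) { return false; }
        catch (OverflowException) { return false; }
        lock (_sync)
        {
            Entry e;
            if (!_entries.TryGetValue(token, out e)) return false;  // unknown or already used
            if (e.Owner != currentUser) return false;               // not this user's link
            _entries.Remove(token);                                 // expire before serving
            if (e.ExpiresUtc < DateTime.UtcNow) return false;       // too old
            documentId = e.DocumentId;
            return true;
        }
    }
}
```

The rewritten URL handler would call `TryRedeem` with the GUID segment of the path and the authenticated user name, and stream the document only when it returns true.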