
MVC 5 c# hide url parameter

$.ajax({
    type: "POST",
    url: "@Url.Action("SignInUp")",
    data: JSON.stringify({ email_add: email_add }),
    contentType: "application/json; charset=utf-8",
    success: function (response) {
        if (response.result == 'SignUp') {
            alert("Opp`s its look like you dont have an access for this website");
            window.location = response.Urls;
        } else {
            alert("Success fully login");
            window.location = response.Url;
        }
    }
});

Hi guys, I'm new to MVC 5 C# and I encountered this problem: I want to hide my URL parameter. Can anyone help me? Thank you in advance.

This is my code:

public ActionResult SingInUp(string email_add)
{
    bool obj = db.tblUsers.Any(x => x.email_add.Equals(email_add));
    if (obj)
    {
        tblUser user = db.tblUsers.Single(x => x.email_add == email_add);
        Session["email_add"] = user.email_add;
        Session["fname"] = user.fname;
        Session["lname"] = user.lname;
        return Json(new { result = "Redirect", Url = Url.Action("Check", "ProjectV3") });
    }
    else
    {
        return Json(new { result = "SingUp", Urls = Url.Action("SignUp", "ProjectV3", new { email_add = email_add}) });
    }
}

This is what I want to hide.

Unless you want to go to POST rather than URL parameters you are stuck. If you just want to hide some of the implementation details you could encode the parameter to obfuscate its meaning.

return Json(new { result = "SingUp", Urls = Url.Action("SignUp", "ProjectV3", new { email_add = Base64Encode(email_add) }) });

...

public static string Base64Encode(string plainText)
{
    // UTF-8 bytes of the text, rendered as Base64 (an encoding, not encryption)
    var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
    return System.Convert.ToBase64String(plainTextBytes);
}

You would end up with a URL like: http://localhost:1126/ProjectV3/SignUp?email_add=cGtleWJpcmQ5NUBnbWFpbC5jb20= . You could obviously change the name of the parameter to hide its intent.
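Base64, as used in the answer above, can be decoded by anyone who sees the URL, so it changes how the value looks but not who can read or alter it. The following added example (not part of the original answer) shows that decode and, as an alternative for an MVC 5 application, a token that is encrypted and signed with ASP.NET's `MachineKey.Protect`; the class name `EmailToken`, the purpose string and the route parameter `t` are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Added example: hypothetical helper for use inside the ASP.NET application.
public static class EmailToken
{
    // Purpose string ties the token to this single use (value is an assumption).
    private const string Purpose = "ProjectV3.SignUp.email_add";

    // Reverses Base64Encode from the answer: returns the original text,
    // which is why Base64 in a URL offers no confidentiality.
    public static string Base64Decode(string encoded)
    {
        return Encoding.UTF8.GetString(Convert.FromBase64String(encoded));
    }

    // Encrypts and signs the value with the application's machine key,
    // then encodes it so it is safe to place in a query string.
    public static string Protect(string email)
    {
        byte[] data = MachineKey.Protect(Encoding.UTF8.GetBytes(email), Purpose);
        return HttpServerUtility.UrlTokenEncode(data);
    }

    // Returns null when the token is missing, malformed, modified,
    // or was not issued by this application for this purpose.
    public static string Unprotect(string token)
    {
        if (string.IsNullOrEmpty(token)) return null;
        try
        {
            byte[] raw = HttpServerUtility.UrlTokenDecode(token);
            if (raw == null) return null;
            byte[] data = MachineKey.Unprotect(raw, Purpose);
            return data == null ? null : Encoding.UTF8.GetString(data);
        }
        catch (CryptographicException) { return null; }
        catch (FormatException) { return null; }
    }
}

// Issuing side:  Url.Action("SignUp", "ProjectV3", new { t = EmailToken.Protect(email_add) })
// Receiving side: string email = EmailToken.Unprotect(t);  // null means reject the request
```

The protected token still appears in browser history and server logs and can be replayed as-is, so a POST or server-side storage remains the choice when the value must not travel in the URL at all.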

If you want to effectively hide something from the client URL you will need to find a way to either mask it, or store it somewhere on the server that can be captured on the next request.

There are many places you can store this data on your server but really the obvious ones are:

  1. Cookies
  2. TempData

Now TempData may seem like the obvious choice, as it persists across requests and is cleared from the TempData when accessed. That is also its downfall: let's say you set the TempData in your SignUpIn method, then return the JsonResult, which I am assuming is then used via JavaScript for a redirect. Then you redirect to this page and pull the value from the TempData dictionary, and it is subsequently removed. So if the person ends up on the SingUp page and for some reason decides to refresh the page, the value in the TempData won't be found again.

Now this can be handled by resetting the TempData property on each read. So basically you read the TempData item, then you reassign the TempData entry.

Here is some very basic code that [basically] works and doesn't show the email in the URL.

public ActionResult SignUpIn(string email_acct)
{
    //pretend i tested for a real user
    TempData["email_acct"] = email_acct;
    var r = new { result = "SingUp", Urls = Url.Action("SingUp") };
    return Json(r);
}

public ActionResult SingUp()
{
    if (!TempData.ContainsKey("email_acct"))
    {
        //no temp data email.. maybe redirect.. who knows!!
        return RedirectToAction("Index");
    }

    //read the temp data entry.. 
    string emailAcct = TempData["email_acct"].ToString();

    //reset the temp data entry
    TempData["email_acct"] = emailAcct;

    return View(new SingUpModel { EmailAccount = emailAcct });
}
