How to restrict website / link access by ID on ASP.NET site?

Question

I have seen urls that look similar to this:

  www.example.com&ID=123xyz

I would like to build my site to where it only displays when there is an ID match to an ID in my database.

In other words, if someone typed in the site without an ID or incorrect ID it would error out or redirect them, but if they had the correct ID then display the page content.

I'm not exactly sure what this is referred to, and am having trouble googling or searching for it.

This is an asp.net application with a mssql backend. The idea is a user registers, and then during that process and ID is generated and stored in the database for them. A new link is generated for them with the ID attached, and at that point they can use/share that link with whoever, and since it has a valid ID it would display content.

This way anyone they shared the link with, wouldn't need to register or log in to see the page.

Where is a good place to start researching this? or how is this generally done by other sites?

Answer 1

The parameters in a URL are called query string parameters. As suggested above I would not tie this to a userid or any type of authentication id.

In your DB you can have another table like "page_share" and have a column for a userId and a second for the generated pageId.

Then in your code you can have something like:

    // get pageid from  www.abc.com&pageid=123
    int pageId = int.Parse(Request.QueryString["pageid"]);

    // TODO: Query DB for pageid and show error if it does not exist and success if it exists