I am using the following to redirect and call an api: In my action method I have the following:
if (token != null)
{
return Content($"https://localhost:1234/user/UserTokenLogin?token={myToken}");
}
Now i can see the token in the url. Is there a way I can hide this parameter field but still extract it on the destination api?
You need to apply an encode/decode procedure. I'll give you an example with Base64 encoding but you could find more secure algorithms if you want.
public string Encode(string strToEncode)
{
byte[] encodedVal = System.Text.Encoding.UTF8.GetBytes(strToEncode);
return Convert.ToBase64String(encodedVal);
}
public string Decode(string strToDecode)
{
byte[] decodedVal = Convert.FromBase64String(strToDecode);
return System.Text.Encoding.UTF8.GetString(decodedVal);
}
Then you can apply this as below.
if (token != null)
{
var encodedToken = Encode(myToken);
return Content($"https://localhost:1234/user/UserTokenLogin?token={encodedToken}");
}
public ActionResult UserTokenLogin(string token){
var decodedToken = Decode(token);
//do other stuff.
}
You can use with header parameters. it is usually used in the header.
Response.Headers.Add("AuthToken", "token");
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.