How can i hide the Request parameter fields in url using MVC?

Question

I am using the following to redirect and call an api: In my action method I have the following:

        if (token != null)
        {            
           return Content($"https://localhost:1234/user/UserTokenLogin?token={myToken}");
        }

Now i can see the token in the url. Is there a way I can hide this parameter field but still extract it on the destination api?

Answer 1

You need to apply an encode/decode procedure. I'll give you an example with Base64 encoding but you could find more secure algorithms if you want.

public string Encode(string strToEncode)
{
    byte[] encodedVal = System.Text.Encoding.UTF8.GetBytes(strToEncode);
    return Convert.ToBase64String(encodedVal);
}

public string Decode(string strToDecode)
{
    byte[] decodedVal = Convert.FromBase64String(strToDecode);
    return System.Text.Encoding.UTF8.GetString(decodedVal);
}

Then you can apply this as below.

if (token != null)
{  
  var encodedToken = Encode(myToken);          
  return Content($"https://localhost:1234/user/UserTokenLogin?token={encodedToken}");
}

public ActionResult UserTokenLogin(string token){
     var decodedToken = Decode(token);

     //do other stuff.
}

Answer 2

You can use with header parameters. it is usually used in the header.

Response.Headers.Add("AuthToken", "token");