I am building a .Net app that effectively has news articles, some of which are available publicly and some of which are only available when you're logged in.
The URL to each article needs to include the article's ID in some way and until now I've been using AES to encrypt the article ID, using the user's ID as the 'shared secret' and an 8 digit string as salt.
e.g. /article.aspx?id=EvEAAAACtp2iEc7lKyJSu6382Ryl4k571L5/PQrJYY1JJfeq4F
The problem is that if the user views an article while logged in, they won't be able to copy the URL and send it on to anyone else as it won't work with another user's ID or with a non-logged-in user.
What's the right approach for including IDs in query strings (or anywhere else for that matter) when they need to be shared among known/unknown users?
Thanks.