0

Our site consists of 3 main pages we call "Start.aspx" and then a content iframe inside of that where the user does nearly all of the site interactions.

Recently though, I've had to implement functionality that will jump between Start.aspx pages in different products and automatically change the content iframe to a specified page.

The actual functionality works just fine, but the issue we're having is that the full querystring is exposed. Because we load all pages in the content iframe, the page URL remains at "Product/Start.aspx" during regular site usage.

However, this new functionality is passing a querystring to Start.aspx (which has appropriate parsers to load the requested page in the content iframe), and we need that URL to remain as "Start.aspx".

So far, I've researched URL Rewriting, which was throwing errors because the landing page for each product is "[Product]/Start.aspx". I've looked at a different URL Rewriting solution, as well as ScottGu's blog post on routing.

The issue is that these solutions seem to be used for simplifying navigation, such as taking "Blogpost.aspx?Year=2013&Month=07&Day=15" and turning it into "Blogpost.aspx/2013/07/14" which really isn't what we're going for. We're not trying to simplify navigation via URL, we're really just trying to completely hide our querystrings.

What we're going for is turning "[Product]/Start.aspx?frame=Company.aspx?id=1570" into "[Product]/Start.aspx" once the content iframe has what it needs from the initial querystring. We don't need to account for every single page. We just need that to be the overarching rule. 90% of the time it won't be an issue, as most of the work being done doesn't jump from product to product without the user just switching products (which is done in a fashion that specifically uses "Response.Redirect("[Product]/Start.aspx")").

Once the content iframe has loaded from the querystring parameters, we don't need them anymore for anything. The rest of the functionality runs through the iframe without any issue.

Am I overthinking this, or am I asking for something that's not really feasible?

4

3 Answers

2

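As for literally "removing all query string characters" and still being able to pass query string values to another page, I don't think that's possible. Unless you did so in session variables or something like that.

If you're just worried about sensitive data being displayed in plain text in the query string, you have the option to "encrypt" your query strings:

http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings

The query string will still be displayed, but it will be "Product/Start.aspx?e0ayfefae0y0someencryptedmess108yfe0ayf0a". The page that receives the query string will decrypt it. So the functionality of query strings is there, but the end user has no idea what the values are.

answered 2013-07-15T21:30:37.533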
1

Since you've tagged this as an ASP.NET question, I would say the way to go is to keep the navigation data in a Session variable.

answered 2013-07-15T21:28:09.913
1

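Can you use POST instead of GET? That way, the data is in the form rather than in the query string.

As a side note, hiding parameters to make the URL look prettier and bookmarkable is fine. If you are doing this for any security reasons, it is very shallow security. It is trivial for a user to view what is passed in the form and query string, and to change and repost it. Security needs to be handled primarily on the server side.

answered 2013-07-15T21:25:26.763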
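An added example, not part of the original answers or the asker's code: one way to combine the Session suggestion with server-side validation is to have Start.aspx check the `frame` value against an allow-list, park it in Session, and redirect to itself without the querystring. The session key, the allow-list contents and the `contentFrame` control id (an `<iframe id="contentFrame" runat="server">` in the markup) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.UI;
using System.Web.UI.HtmlControls;

// Hypothetical code-behind for Start.aspx; all names here are assumptions.
public partial class Start : Page
{
    private const string SessionKey = "PendingFrameUrl"; // assumed session key

    // Only these pages may be loaded into the content iframe (constructed sample list).
    private static readonly HashSet<string> AllowedPages =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Home.aspx", "Company.aspx" };

    protected void Page_Load(object sender, EventArgs e)
    {
        // For "Start.aspx?frame=Company.aspx?id=1570" this yields "Company.aspx?id=1570".
        string requested = Request.QueryString["frame"];
        if (!string.IsNullOrEmpty(requested))
        {
            // First request: keep a validated target server-side, then reload
            // the same page so the address bar shows only [Product]/Start.aspx.
            if (IsAllowed(requested))
                Session[SessionKey] = requested;
            Response.Redirect(Request.FilePath, false);
            Context.ApplicationInstance.CompleteRequest();
            return;
        }

        // Second request: no querystring; consume the stored target exactly once.
        string target = Session[SessionKey] as string;
        if (target == null)
            return; // normal visit: leave the iframe's default src from the markup
        Session.Remove(SessionKey);
        var frame = (HtmlControl)FindControl("contentFrame");
        if (frame != null)
            frame.Attributes["src"] = target;
    }

    // The frame value is user-controlled, so compare its page name against the
    // allow-list; absolute URLs, other paths and scheme-relative URLs never match.
    private static bool IsAllowed(string frameUrl)
    {
        int q = frameUrl.IndexOf('?');
        string page = q >= 0 ? frameUrl.Substring(0, q) : frameUrl;
        return AllowedPages.Contains(page);
    }
}
```

The pages loaded in the iframe still have to authorize the `id` they receive on every request, since the value remains editable by the user before the redirect.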