1 
        var url = string.Format("{0}?userid={1}&password ={2}", rootUrl, Id,password);

        //use ClientScript to open a new windows from server side
        var sb = new StringBuilder();
        sb.Append("<script type = 'text/javascript'>");
        sb.Append("window.open('");
        sb.Append(url);
        sb.Append("');");
        sb.Append("</script>");
        ClientScript.RegisterStartupScript(this.GetType(), "script", sb.ToString());

我不想在 url 中显示用户名和密码。

4

2 回答 2

5

您应该使用HTTP POST 请求来执行此操作,因为使用该方法看不到发布的内容,它嵌入在 HTTP 消息正文中并作为查询字符串参数公开。

正如@YuriGalanter 评论的那样,使用SSL (HTTPS) 进行操作,以便通过网络流量加密您的消息,进而防止嗅探器看到敏感细节。

例如:

HttpWebRequest httpWReq =
    (HttpWebRequest)WebRequest.Create("http://domain.com/page.aspx");

ASCIIEncoding encoding = new ASCIIEncoding();
string postData = "username=user";
postData += "&password=pass";
byte[] data = encoding.GetBytes(postData);

httpWReq.Method = "POST";
httpWReq.ContentType = "application/x-www-form-urlencoded";
httpWReq.ContentLength = data.Length;

using (Stream stream = httpWReq.GetRequestStream())
{
    stream.Write(data,0,data.Length);
}

HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();

string responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();

并得到回应:

HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();
于 2013-09-26T18:24:18.930 回答
0

隐藏用户信息的最佳方法是在将查询字符串传递到另一个站点并在当前浏览器的新选项卡中打开该 URL 时加密查询字符串。

于 2013-09-28T18:14:55.560 回答