<p>Several months later, I thought I would update this question with the technique I ended up going with, since it has worked out so well.</p>
<p>After playing with more involved session state handling (which resulted in a lot of broken back buttons and so on) I ended up rolling my own code to handle encrypted QueryStrings. It's been a huge win -- all of my problem scenarios (back button, multiple tabs open at the same time, lost session state, etc.) are solved and the complexity is minimal since the usage is very familiar.</p>
<p>This is still not a magic bullet for everything but I think it's good for about 90% of the scenarios you run into.</p>
<p><strong>Details</strong></p>
<p>I built a class called CorePage that inherits from Page. It has methods called SecureRequest and SecureRedirect.</p>
<p>So you might call:</p>
<pre><code>SecureRedirect(String.Format("Orders.aspx?ClientID={0}&amp;OrderID={1}", ClientID, OrderID))
</code></pre>
<p>CorePage parses out the QueryString and encrypts it into a QueryString variable called CoreSecure. So the actual request looks like this:</p>
<p>Orders.aspx?CoreSecure=1IHXaPzUCYrdmWPkkkuThEes%2fIs4l6grKaznFGAeDDI%3d</p>
<p>If available, the currently logged-in UserID is added to the encryption key, so replay attacks are not as much of a problem.</p>
<p>From there, you can call:</p>
<pre><code>X = SecureRequest("ClientID")
</code></pre>
<p><strong>Conclusion</strong></p>
<p>Everything works seamlessly, using familiar syntax.</p>
<p>Over the last several months I've also adapted this code to work with edge cases, such as hyperlinks that trigger a download - sometimes you need to generate a hyperlink on the client that has a secure QueryString. That works really well.</p>
<p>Let me know if you would like to see this code and I will put it up somewhere.</p>
<p>One last thought: it's weird to accept my own answer over some of the very thoughtful posts other people put on here, but this really does seem to be the ultimate answer to my problem. Thanks to everyone who helped get me there.</p>
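<p>An added example, not the CorePage code from the answer above: one way to protect a query string so that it is both encrypted and tamper-evident, with the keys bound to the logged-in user. The class name <code>SecureQuery</code>, its method names, the token layout and the HMAC-based per-user key derivation are all assumptions made for illustration.</p>

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not the CorePage code from the answer.
public static class SecureQuery
{
    // Assumption: master is a 32-byte random server-side secret. Per-user, per-purpose keys come from it.
    static byte[] Derive(byte[] master, string userId, string purpose)
    {
        using (var h = new HMACSHA256(master))
            return h.ComputeHash(Encoding.UTF8.GetBytes(purpose + "|" + userId));
    }

    // Returns Base64(IV || ciphertext || HMAC); pass it through Uri.EscapeDataString before use in a URL.
    public static string Protect(string query, string userId, byte[] master)
    {
        byte[] plain = Encoding.UTF8.GetBytes(query);
        using (var aes = Aes.Create())   // defaults: AES-CBC, PKCS7, fresh random IV
        using (var enc = aes.CreateEncryptor(Derive(master, userId, "enc"), aes.IV))
        using (var mac = new HMACSHA256(Derive(master, userId, "mac")))
        {
            byte[] body = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
            return Convert.ToBase64String(body.Concat(mac.ComputeHash(body)).ToArray());
        }
    }

    // Returns the original query, or null if the token was altered or was issued to another user.
    public static string Unprotect(string token, string userId, byte[] master)
    {
        byte[] raw;
        try { raw = Convert.FromBase64String(token); } catch (FormatException) { return null; }
        if (raw.Length < 64) return null;   // 16-byte IV + at least one 16-byte block + 32-byte tag
        byte[] body = raw.Take(raw.Length - 32).ToArray();
        using (var mac = new HMACSHA256(Derive(master, userId, "mac")))
        {
            byte[] tag = mac.ComputeHash(body);
            int diff = 0;   // constant-time comparison, done before any decryption
            for (int i = 0; i < 32; i++) diff |= tag[i] ^ raw[body.Length + i];
            if (diff != 0) return null;
        }
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(Derive(master, userId, "enc"), body.Take(16).ToArray()))
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
    }
}
```

<p>Binding the keys to the user stops a token issued to one user from being accepted for another, but the same user can still reuse a token; include an expiry inside the protected string if that matters. The page must still check that the logged-in user is authorized for the decrypted ClientID and OrderID.</p>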
 
