asp.net mvc - Hiding parameters (sensitive information) from URL of an MVC 5 application -


i working on asp.net mvc 5. when click link (placed in website) navigate userdetails.cshtml page. basically 3rd party site passing username & password site & using authorize & display further user info.

it's fine url looking

localhost:8080//admin/userdetails/username/pwd.

i don't want show username & password in url i.e url should :

localhost:8080//admin/userdetails/

one possible solution rewrite url in iis (http://www.hanselman.com/blog/aspnetmvcandthenewiis7rewritemodule.aspx)

but believe there easier way handle using routing mechanism of mvc.

please me figure out same.

edit : many of confused why not doing form post here, let me re-frame question. have no control on third party application, cant request them form post mvc application. again 3rd party application oracle reporting application (obi), doing post application might not feasible too...

let me reverse engineer requirements question:

i want have uri when invoked give access secured section of website. uri must clicked visitors of third-party site, whom give uri to. want hide credentials uri.

you cannot this, requirements conflicting. cannot hand out uris authenticate fires request uri.

you token (like http://your-site/auth/$token), still, access uri can use authenticate themselves, or put on own website.

if have data want expose third-party site, let site perform http request (with tokens, usernames, headers or whatever want use authenticate) in background site, , display response in site. visitor won't see traffic, can't share uri , secure.


Comments

Post a Comment

Popular posts from this blog

javascript - jQuery: Add class depending on URL in the best way -

i have html progress meter: <div class="col-md-3" style="margin-left: -20px;"> <div class="progress-pos active" id="progess-1"> <div class="progress-pos-inner"> login </div> </div> </div> <div class="col-md-3 progress-pos-container"> <div class="progress-pos" id="progess-2"> <div class="progress-pos-inner"> scan items </div> </div> </div> <div class="col-md-3 progress-pos-container"> <div class="progress-pos" id="progess-3"> <div class="progress-pos-inner"> confirm address </div> </div> </div> <div class="col-md-3 progress-pos-container"> <div class="progress-pos" id="progess-4"> <div class="progress-pos-in
Read more

caching - How to check if a url path exists in the service worker cache -

i need check if particular url path exists in service worker cache. example, suppose url is: /myserviceworker/service?a=110&b=70 this url exists in cache, there many of them different values of , b. now, suppose want refresh of these urls, how can that? i want know how access key values service worker cache. if know key, plan follows: var url = new url(key); if(url.pathname === "\/myserviceworker/service") refetch key but not sure how cache key , in format is. mean, string or url? cache api has match() method returns promise resolving in response object if match or undefined if no match exists. second parameter object can specify ignoresearch not take account url parameters. the ignoresearch option supported firefox ( chrome status here ). in other hand, retrieve cache entries, can use keys() method.
Read more

Redirect to a HTTPS version using .htaccess -

i need modify .htaccess file redirect urls https version without "www". http://example.com --> https://example.com http://www.example.com --> https://example.com https://www.example.com --> https://example.com this how .htaccess file looks like: rewriteengine on rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^(.*)$ redirect.php?id=$1&page=$2 [qsa,l] what modifications need make .htaccess in order forward https without "www"? it depends on doing current code. looks file called redirect trying display php page seo friendly url. think might confusing people. anyway, need , force https without www, need 1 more rule above. also second rule needs two capture groups in rewriterule test string because wanting 2 different values using $1 , $2 references. rewriteengine on #rediect www non www and/or http https --- combinations. rewritecond %{http_host} !^example\.com [nc,or] rewritecond %{https} !^
Read more