lalkacr
asked on
hide url/query string in address bar for asp.net
i am writing a asp.net 2.0/vb.net site and i need to pass a client# to a page to pull up a client specific pdf. I don't want to allow the name.pdf to show in the address bar...because someone could just change the name of the pdf to view someone else's info. how do i hide the query string or the folder/folder/name.pdf from showing?
this is what i have as the page_Init...fires
Response.Redirect("http://localhost/folder/folder/" & queryString)
the address bar will display:
http://www.site.com/folder/folder/name.pdf
I want :
http://www.site.com
If i can use javascript of some sort to simply hide the address bar that would be great...or just clean up the url I don't care.
thanks in advance...
this is what i have as the page_Init...fires
Response.Redirect("http://localhost/folder/folder/" & queryString)
the address bar will display:
http://www.site.com/folder/folder/name.pdf
I want :
http://www.site.com
If i can use javascript of some sort to simply hide the address bar that would be great...or just clean up the url I don't care.
thanks in advance...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I was thinking more on the lines of what LeeHenry suggests. Even if you hide the URL behind a frameset, smart users can still figure out the URL.
To really secure client PDFs from being requested by an unauthorized client, you will probably have to perform some form of authentication and indirectly retrieve the PDF.
For example, you could store the PDF in a directory that isn't shared by your web server, but you could write a script that retrieves the file only if an authenticated user requests it. Is that what you're looking for?
To really secure client PDFs from being requested by an unauthorized client, you will probably have to perform some form of authentication and indirectly retrieve the PDF.
For example, you could store the PDF in a directory that isn't shared by your web server, but you could write a script that retrieves the file only if an authenticated user requests it. Is that what you're looking for?
You could create a page that reads your now encrypted querystring (nice link LeeHenry) and then redirect to the new page. The C# version (I think the HttpContext line is the only one that needs changing for VB) of the code I think would be something like:
HttpContext incoming = HttpContext.Current;
incoming.RewritePath(decry ptQueryStr ing(strQue ryString), False);
This will redirect the page as it should but all in the background without actually changing the URL. If I remember rightly. The code I have that does this is in the office and I'm working from home today.
HttpContext incoming = HttpContext.Current;
incoming.RewritePath(decry
This will redirect the page as it should but all in the background without actually changing the URL. If I remember rightly. The code I have that does this is in the office and I'm working from home today.
Don't give a direct link to the pdf. In fact, store them outside the web root.
Then create a page that checks the user's permission then does a binary write of the pdf that was passed in the query string...
'check permissions
Response.ContentType = "application/pdf"
Response.AddHeader("conten t-disposit ion", "attachment; filename=somefile.pdf;"
Response.WriteFile("path/t o/users/fi le.pdf")
Then create a page that checks the user's permission then does a binary write of the pdf that was passed in the query string...
'check permissions
Response.ContentType = "application/pdf"
Response.AddHeader("conten
Response.WriteFile("path/t
Or, you could easily replace
Response.Redirect("http://localhost/folder/folder/" & queryString)
with
Server.Execute("name.pdf")
Response.Redirect("http://localhost/folder/folder/" & queryString)
with
Server.Execute("name.pdf")
ASKER
I thank all of you for your input...when I came down to it the frameset stuff worked the easiest. I just replaced the querystring with cookie stuff. all the other solutions worked, but I could still see the link and vital info in the title bar of which you can do nothing about after a new window fires to pdf...I did not have control over the new window after that... I really liked the stuff from LeeHenry!!!! I really wanted to give you props on that one...nice man. I will be using that on a proj in the near future... all the stuff adding 'application/pdf' & "attachment; file..." would give me errors that the file would be decrypted wrong because it was sent as an email attachment???? grrrrrrrr.
thanks again
thanks again
I don't recommend this as being a good idea for a website, but if you want to mask your URLs, that's how it's done. Why do you want to mask your URLs?