Link to home
Start Free TrialLog in
Avatar of levyuk
levyuk

asked on

Most secure way of passing information between pages with asp.net 2.0

Hi,

I'm wondering what is the most secure method of passing information between different pages. I can pass info using the QueryString but everyone can read what is in the URL. Is there a better way. I suppose I could encode the information then put it into the querystring but it looks messey. Any better solutions?

Thanks
J
ASKER CERTIFIED SOLUTION
Avatar of aki4u
aki4u

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of laotzi2000
laotzi2000

I agree.

The most secure way should be one that the information is only contained on the server and never pass to the client.
Session can achieve that.
Avatar of levyuk

ASKER

How can I integrate that into a link? I want people to be able to click a link and show information about say a certain user.
the same way you use Request...just replace it it with Session
Avatar of levyuk

ASKER

Ok that makes sense, now to make it worse :)

Within my page I get a list of users in the same role as the current user. I output a link so that you can click on the users name and see their profile. The code to do this is:

        foreach (string user in Roles.GetUsersInRole("Members"))
        {
            Label1.Text += "<a href='viewProfiles.aspx'>" + user + "</a><br />";
        }

I don't understand how to make it so that when I get to the viewProfiles.aspx page I will be able to get the correct user name that was clicked.
In this case, the information(I suppose it's the user name) is passed from client to server.
To secure that, you have to use SSL or something alike to encrytp it.