muskad202

prevent modification of hidden field values ...

Hi!

In my .aspx page, in a form, there are a few hidden fields which are being used, which I use to store information. Now, it's always possible for a rogue user to view the source html/jscript of a page and modify some values and submit the form with doctored data ... I was wondering whether there is built in functionality in ASP.NET to prevent this behaviour - specifically, preventing a user from manually modifying the values for hidden fields (e.g., saving the page on his local disk, modifying the values keeping the form's ACTION url the same, then opening up the doctored version in a browser and pressing submit).

thanks :)
muskad202
nauman_ahmed

If your application is in VS.NET 2005, you can use the aspnet_compiler.exe utility to compile your application. This utility compiles even the ASPX pages into the respective DLL. The physical ASPX file contains no HTML entries; the HTML code gets generated at runtime.

--Nauman.
VS.NET 2005 or ASP.NET 2.0

-Nauman.
muskad202

ASKER

But in the generated HTML, hidden fields would yet be present. When the user presses submit, the only way the ASP.NET application can retrieve the value of those hidden fields is through the data which was "POST"ed via the form (since I don't think it maintains any sort of session variables or something for hidden fields). So, if it relies on the POSTed data for containing the values of the hidden fields, then someone can manipulate the data being POSTed. I was hoping there would be some sort of encrypted data on the form which ASP.NET would use to retrieve the hidden field values, rather than using the normal HTML hidden fields.

muskad202
ASKER CERTIFIED SOLUTION
Sammy

This solution is only available to members.
ok .. I had thought of that .. but was hoping there would be a simpler way to do it.

thanks :)
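
As an added example, not from any participant in this thread and not the members-only solution above: one way to make hidden field values tamper-evident is for the server to emit an HMAC tag over them in one more hidden field and recheck it on postback. `HiddenFieldSigner`, the session identifier and the sample values are assumptions made for illustration; the key never leaves the server.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: tamper-evident hidden fields via an HMAC tag.
// HiddenFieldSigner and every name below are hypothetical, not ASP.NET APIs.
public static class HiddenFieldSigner
{
    // Length-prefix each part so ("ab","c") and ("a","bc") never yield the same MAC input.
    static byte[] Canonical(string sessionId, string[] values)
    {
        var sb = new StringBuilder();
        sb.Append(sessionId.Length).Append(':').Append(sessionId);
        foreach (string v in values)
            sb.Append('|').Append(v.Length).Append(':').Append(v);
        return Encoding.UTF8.GetBytes(sb.ToString());
    }

    // Called while rendering the form; the result goes into one extra hidden field.
    public static string Sign(byte[] key, string sessionId, params string[] values)
    {
        using (var mac = new HMACSHA256(key))
            return Convert.ToBase64String(mac.ComputeHash(Canonical(sessionId, values)));
    }

    // Called on postback with the values exactly as they arrived in the POST.
    public static bool Verify(byte[] key, string sessionId, string tag, params string[] values)
    {
        byte[] expected, actual;
        using (var mac = new HMACSHA256(key))
            expected = mac.ComputeHash(Canonical(sessionId, values));
        try { actual = Convert.FromBase64String(tag ?? ""); }
        catch (FormatException) { return false; }   // tag itself was mangled
        if (actual.Length != expected.Length) return false;
        int diff = 0;                                // constant-time comparison
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = new byte[32];                   // server-side secret, never sent to the browser
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string tag = Sign(key, "session-123", "42", "19.99");               // constructed sample values
        Console.WriteLine(Verify(key, "session-123", tag, "42", "19.99")); // fields unmodified
        Console.WriteLine(Verify(key, "session-123", tag, "42", "0.01"));  // a value was edited
        Console.WriteLine(Verify(key, "session-456", tag, "42", "19.99")); // tag replayed in another session
    }
}
```

The tag detects changes but does not hide the values; anything the user must not read belongs in server-side state rather than in the form.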