For security reasons, I'm trying to create an algorithm that prevents querystrings on a website from being hackable. To do this, I'm tacking a securely generated checksum based on the querystring value onto the end of the querystring as a page request begins using the Begin_Request event in global.asax. I can tack the checksum onto the querystring fine, and I can prevent the user from editing the querystring, and I can even prevent the user from deleting the checksum after the page has loaded for the first time. However, I cannot prevent the user from typing in a custom querystring on their own the first time a page loads without a checksum, which in effect defeats my security system. What I'm assuming needs to be done here is to create a method to apply the checksum to a URL with a querystring before the page even begins loading. Anyone have an idea how to accomplish this?
Anyhow, if you're really looking for indestructible URLs, consider URL Rewriting. That way all your URLs have to match a REGEX pattern to get through to your pages. They also look a lot nicer!
http://www.urlrewriting.net