For security reasons, I'm trying to create an algorithm that prevents querystrings on a website from being hackable. To do this, I'm tacking a securely generated checksum based on the querystring value onto the end of the querystring as a page request begins using the Begin_Request event in global.asax. I can tack the checksum onto the querystring fine, and I can prevent the user from editing the querystring, and I can even prevent the user from deleting the checksum after the page has loaded for the first time. However, I cannot prevent the user from typing in a custom querystring on their own the first time a page loads without a checksum, which in effect defeats my security system. What I'm assuming needs to be done here is to create a method to apply the checksum to a URL with a querystring before the page even begins loading. Anyone have an idea how to accomplish this?
Our community of experts have been thoroughly vetted for their expertise and industry experience.