1

I need to hide Query string when page displayed. Tried a few examples, that supposed to work, however they are not work for me. My client page based on Master page(not sure if it make any difference)

Attempt #1

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Dim isreadonly As PropertyInfo = GetType(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance Or BindingFlags.NonPublic)
    ' make collection editable
    isreadonly.SetValue(Me.Request.QueryString, False, Nothing)
    Me.Request.QueryString.Clear()

End Sub

Attempt #2

Private Function BuildQueryString(ByVal useKeyValues As NameValueCollection, ByVal RemoveKeys As List(Of String)) As String
    Dim Key As String
    Dim retQueryString As String = ""
    Dim AddKeyValue As String

    'Step through each key value pair
    For Each Key In useKeyValues.AllKeys

        'if key isn't in the RemoveKeys list then add to the new querystring
        If Not RemoveKeys.Contains(Key) Then
            AddKeyValue = Key + "=" + useKeyValues(Key)

            If String.IsNullOrEmpty(retQueryString) Then
                retQueryString += "?" + AddKeyValue
            Else
                retQueryString += "&" + AddKeyValue
            End If
        End If
    Next

    Return retQueryString
End Function

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load


    Dim SearchValues As NameValueCollection
    Dim KeysToRemove As New List(Of String)

    Try
        SearchValues = Request.QueryString

        'figure out what keys need to be removed and add one or more
        KeysToRemove.Add("OrderId")

        If SearchValues.Count > 0 Then
            'writes original url with querystring
            Response.Write(Request.RawUrl + "<br><Br>")

            'writes new url with new querystring

            Response.Write(Request.Url.AbsolutePath + BuildQueryString(SearchValues, KeysToRemove))
        Else
            'For example redirects to this page adding querystring
            Response.Redirect("NewPage1a.aspx?SomeKey=SomeValue&SomeOtherKey=AnotherValue&OrderId=2")
        End If

    Catch ex As Exception

    End Try

End Sub

Any advise about what am I doing wrong greatly appreciated.

user2138121
  • 65
  • 5
  • What exactly are you trying to do here and why? Modifying the query string of the *request* doesn't sound right, because why would you need to do that? Modifying the query string of the *response* just plain doesn't make sense, since there isn't one. – David Aug 15 '16 at 19:28
  • Please only include the specific code to your problem and explain in more detail the problem you are trying to solve like the sequence of events as they are happening now and what you would like to happen. – Heather92065 Aug 15 '16 at 19:51
  • You can hide the query string by using redirection. i.e. put the query parameters in the session and send the request to a new page which handles the request. This tends to have a side effect of making your application stateful, which is not desirable – Tibrogargan Aug 15 '16 at 21:55
  • I have query string "NewPage1a.aspx?SomeKey=SomeValue&SomeOtherKey=AnotherValue&OrderId=2" and i want bar to show "NewPage1a.aspx" . What is the business purpose for that I prefer not discuss, but there is one. – user2138121 Aug 16 '16 at 11:28
  • In Request, just before page get shown, I would like to remove parameters from query string, which is recommended everywhere to use Request.QueryString.Clear(), I guess I need a working example on how to use that, whatever I found on stackoverflow working for other cases is not working for me, and i am trying to understand why and what am i missing. – user2138121 Aug 16 '16 at 11:34

1 Answers1

0

I can think of a few options, none are "easy" to do, but all could potentially help.

1 - Use JavaScript upon the loading of the page to edit the URL. While the URL may temporarily be available, client side script could alter this value - see Change the URL in the browser without loading the new page using JavaScript for more information.

2 - Have the user access the application via an intermediary page that stores the data you need and then redirects the user (via Response.Redirect) to a URL you're comfortable with. Store the data you need to access via cookie, HTML Local Storage, or Session, and re-access that data at the final page the user lands on.

3 - Keep the data in the URL, but use encryption to protect the data you find sensitive or worry about manipulation.

All that being said, the problem you're trying to solve is simply trying to protect QueryString data, which is inherently insecure. I don't know anything about your application, but if you're worried about the sensitivity of the data, you can continue to put lipstick on a pig.. but it's still a pig (aka.. don't use querystring when it's something you want to protect).

Community
  • 1
  • 1
ewitkows
  • 3,293
  • 3
  • 36
  • 55
  • Thanks you, ewitkows, I did tried windows.location in javascript as well and it was failing for me. I have red discussion you advising, it is mostly to redirect from one page to another, and I have tried to redirect to it self, however, I need to keep page populated with whatever values passed in in original request. – user2138121 Aug 16 '16 at 11:45