Home
ASP.NET Forums » General ASP.NET » Security » Authenticate user when changing the value in Query string included in URL(Need Security)

Authenticate user when changing the value in Query string included in URL(Need Security)

Last post 07-11-2007 12:07 AM by XiaoYong Dai – MSFT. 1 replies.

Sort Posts:

  • Authenticate user when changing the value in Query string included in URL(Need Security)

    07-07-2007, 4:02 AM
    • Loading...
    • srik22
    • Joined on 05-08-2007, 6:55 AM
    • Hyderabad
    • Posts 7

    Hi

    In my Web Application, Depending on Query string value(userId) I am displaying the Details of a User. So If I change the query string value in URL which automatically displaying the results. Like In this URL ForumID=25 to 26, 27, 28.   http://forums.asp.net/AddPost.aspx?ForumID=25 

    I am using Form Authentication and I have tried by adding the code enableCrossAppRedirects="false" but It' s repeating Same.

    <authentication mode="Forms">

    <forms name="security" loginUrl="Login.aspx" defaultUrl="Home.aspx" protection="All"
      enableCrossAppRedirects="false"     />

    </authentication>

    <authorization>

    <deny users="?"/>

    </authorization>

    Depending upon Logged user, How could I give security to this page. I mean he changes, the page has to redirect Home page or LogIn page. 

     

    Thanks in Advance for Sharing your knowledge and helping me

    Srik

    srik

  • Re: Authenticate user when changing the value in Query string included in URL(Need Security)

    07-11-2007, 12:07 AM
    Answer

    Hi

    For sensitive information transfer by url, please do not use cleartext format. instead, you can try this article: Creating Tamper-Proof URLs

    http://aspnet.4guysfromrolla.com/articles/083105-1.aspx

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.
    Best Regards
    XiaoYong Dai
    Microsoft Online Community Support

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Page 1 of 1 (2 items)
RSS Available

Advertise on ASP.NET

About this Site

Microsoft Communities
Page view counter