Last post May 06, 2013 11:11 AM by psinet
May 06, 2013 06:24 AM|rajysh|LINK
I am creating an application, my requirement is the request is made from the 3rd party application(which is not built by me) to my webservice, the request will come to my web service (.asmx page), and the response from my web service will be the redirect
location URL to the 3rd Party application(which is not built by me).
One thing is, the redirect location URL is my quote form aspx page, which is created by me, but after getting the redirect location URL as respone, 3rd party application is redirecting to the URL which is sent by me in response.
3rd Party application wanted me to use POST method, they suggested us to use http 302 redirect location for posting the URL, So we are using Http 302 redirect loction as shown in the following code.
HttpContext.Current.Response.StatusCode = 302;
HttpContext.Current.Response.Status = "302 Found";
HttpContext.Current.Response.RedirectLocation = "http://www.example.com/RequestForm.aspx?AssocID=" + AssocID + "&VendorID=" + VendorID";
The problem now is, i am sending parameters(which is required in my quote form aspx page) along with the URL as querystring, querystring is making the parameters to be exposed in the URL.
They dont want us to send the parameter along with ther URL because it is exposing the values in the URL.
Now, how can I pass parameters along with the above code, without passing parameters as query string along with the url??
Is there any solution to send parameter for HttpContext.Current.Response.RedirectLocation without using querystring.
If there is any solution, then how can i access the parameters in my quote form aspx page(the page URL which i am sending as response from my webservice to the 3rd party application)??
Can you please help me to solve the above problem??
May 06, 2013 07:59 AM|psinet|LINK
What are the parameters used for?
If you are redirecting the user to another website then there's really no way to pass a param other than a url. If the params are needed for the application to work, you should suggest encrypting them in the url string.
May 06, 2013 08:56 AM|rajysh|LINK
I am using parameters for generating a quote, i have to pass User Id as a parameter for generating a quote for particular user.
As per my above question, i am sending redirect location URL as response to 3rd party application, one thing redirect location which i am sending as response is an aspx page(i.e., request a quote page) that is in my application.
When i send response, i have to send redirect location URL and also User Id parameter for generating quote to 3rd party application, then 3rd party application will redirect to the URL which is sent by me in response URL(i.e., my request
a quote page). Also i want to access the User Id parameter in my request a quote page.
Is there any solution other than encryption, Can you please tell me?
Suppose if i am using encryption, it should not generate the same URL again, when generating a URL for same User Id.
Is there any solution for generating different URL each time?
May 06, 2013 11:11 AM|psinet|LINK
It sounds like your redirecting the user back to your own site. If so, maybe you can use a token instead of passing the values in a querystring.
You generate thew new url
HttpContext.Current.Response.RedirectLocation = "http://www.example.com/RequestForm.aspx?token=<unique token>
You save the token value somewhere on the server side along with the param values. For example, you could use sql table or a Dictionary with a application variable.
Token Value Params
token 1 params 1
token 2 params 2
When the request comes in, match the token to the params and process the page. This way you avoid the security issue of passing the values as plain text. Just make sure you make the token value complex enough to handle the number of connections you expect