Protecting URL Parameters

Snitz™ Forums 2000
https://forum.snitz.com/forumTopic/Posts/68828?pagenum=1
05 November 2025, 01:59

Topic


mafifi
Protecting URL Parameters
01 August 2009, 13:37


We have code (see below) that constructs the URL below:

http://www.MySite.com/sub1/sub2/?pyActivity=WorkManager.ShowPortal&UserIdentifier=MyEmail@MyCompany.com

How can I prevent the user/hacker from modifying the [&UserIdentifier=MyEmail@MyCompany.com], as this is the variable that drives the user interface?
Code:

<%
' This function grabs the employee ID from NT
Function GetEmpID
    Dim strNTUser, iPos
    strNTUser = RTrim(Request.ServerVariables("LOGON_USER"))
    iPos = Len(strNTUser) - InStr(1, strNTUser,"\",1)
    strNTUser = Right(strNTUser, iPos)
    GetEmpID=LCASE(strNTUser)
End Function
%>
<body onload="document.forms[0].submit()">
<form method="post" action="/sub1/sub2/">
    <input name="pyActivity" type="hidden" value="WorkManager.ShowPortal">
    <input name="UserIdentifier" type="hidden" value="<%= GetEmpID %>@MyCompany.com">
    <input type="submit">
</form>

Replies ...


AnonJr
01 August 2009, 13:52


If it's going to end up on the client side, there really isn't much that can be done to deter tampering. You'd be better off looking at creating solid validation on the server-side.
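
One way to do the server-side validation suggested in the reply above, as an added example that is not part of the original thread: the issuing page signs `UserIdentifier` with an HMAC and the receiving application rejects any value whose signature does not verify. It is written in Python as a language-neutral sketch; the key, the 60-second lifetime and the `ts` and `sig` field names are assumptions.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a secret known only to the issuing page and the receiving
# application, loaded from server-side configuration. Constructed value.
SECRET_KEY = b"constructed-demo-key-replace-in-config"
MAX_AGE_SECONDS = 60  # hypothetical lifetime of the hand-off


def _mac(user_id, issued_at):
    # issued_at is an int, so the "|" separator cannot be forged via user_id.
    msg = f"{issued_at}|{user_id}".encode("utf-8")
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=")


def sign_user(user_id, now=None):
    """Issuing side: fields to emit alongside the hidden UserIdentifier."""
    issued_at = int(time.time() if now is None else now)
    return {
        "UserIdentifier": user_id,
        "ts": str(issued_at),
        "sig": _mac(user_id, issued_at).decode("ascii"),
    }


def verify_user(params, now=None):
    """Receiving side: return the trusted user id, or None if the fields
    are missing, malformed, expired or do not match the signature."""
    try:
        user_id = params["UserIdentifier"]
        issued_at = int(params["ts"])
        sig = params["sig"].encode("utf-8")
    except (KeyError, ValueError, TypeError, AttributeError):
        return None
    current = int(time.time() if now is None else now)
    if not 0 <= current - issued_at <= MAX_AGE_SECONDS:
        return None
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(sig, _mac(user_id, issued_at)):
        return None
    return user_id
```

The signature detects modification of the value; it does not stop the same fields being replayed within the lifetime, so the lifetime should stay short and the hand-off should run over HTTPS.
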
mafifi
15 August 2009, 17:58


I tried URL re-writing and it did not work either. I am looking to do it in ASP.NET. I will post the code when completed.