var url = string.Format("{0}?userid={1}&password ={2}", rootUrl, Id,password);
//use ClientScript to open a new windows from server side
var sb = new StringBuilder();
sb.Append("<script type = 'text/javascript'>");
sb.Append("window.open('");
sb.Append(url);
sb.Append("');");
sb.Append("</script>");
ClientScript.RegisterStartupScript(this.GetType(), "script", sb.ToString());
我不想在网址中显示用户ID和密码。
答案 0 :(得分:5)
您应该使用HTTP POST request来执行此操作,因为使用该方法无法显示已发布的内容,它会嵌入到HTTP消息正文中并作为查询字符串参数公开。
正如@YuriGalanter评论的那样,使用SSL(HTTPS)进行操作,以便通过网络流量加密您的邮件,从而防止嗅探器查看敏感信息。
例如:
HttpWebRequest httpWReq =
(HttpWebRequest)WebRequest.Create("http://domain.com/page.aspx");
ASCIIEncoding encoding = new ASCIIEncoding();
string postData = "username=user";
postData += "&password=pass";
byte[] data = encoding.GetBytes(postData);
httpWReq.Method = "POST";
httpWReq.ContentType = "application/x-www-form-urlencoded";
httpWReq.ContentLength = data.Length;
using (Stream stream = httpWReq.GetRequestStream())
{
stream.Write(data,0,data.Length);
}
HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();
string responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
得到答复:
HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();
答案 1 :(得分:0)
隐藏用户信息的最佳方式是在将查询字符串传递到另一个站点时加密查询字符串,并在当前浏览器的新选项卡中打开该URL。