I am storing Vaues in RouteData as below.
new RouteValueDictionary(new { Controller = "Absence", Action = "AmendAbsence", Id = PersonGuidSelected })
I am getting the value form RouteData using the following RouteData.Values["id"].ToString()
this is okey, But the values are visible in the URL. I do not want the values to be seen in the URL.
How could I do that?
Is anyone did this before?
You could store it encrypted in the URL; simply encrypt every Querystring parameter. This has the advantage that your user can bookmark the page with the parameters (unless that is not what you want; then you can add expiration timing to your encrypted values, so that you can detect whether the URL has already expired).
Option #2 is to store your values, if you need to persist them from pageview to pageview, in encrypted non-persisted cookies on the client. You want them to be encrypted so that they cannot be read from the memory of the browser, and you want them to be non-persistent so that they do not get saved to a file. The user cannot bookmark the URL.
Option #3 is the least scalable, that is to store it in Session state on your ASP.NET server or on a State server. Either server should not be vulnerable, and therefore it is not necessary to use encryption here. But if your server is slow and/or you have a lot of visitors, this can slow down the machine. Again, visitors cannot bookmark the URL, because the parameters are not stored there.
Option #4 is to store a hash key in the URL, and to store the actual data related to that hashkey in memory or a database. Again, you have to see if this is practical in your case. Users may or may not be able to bookmark the URL, that's your choice -- if they can, then you'll need to keep a permanent record of the (hash key, values) pair.
If this is sensitive data there are a couple of possibilities:
If it is not sensitive you could use POST instead of GET so that the typical user doesn't see it in the URL.
