0

I want to build an application and have URLs with no parameters: instead of /Race/2, have only /Race, and so on. I am thinking of using Post-Redirect-Get, with every POST marked [ValidateAntiForgeryToken]. In the POST action result I save the parameters in TempData and redirect to the view result I want, where I check TempData. I think XSRF attacks won't be a problem. I do this because I don't want URLs to be ctrl-c ctrl-v. What do you think?

2 Answers

1

I do this because I don't want URLs to be ctrl-c ctrl-v. What do you think?

While this will work and make your site safe, it will open another problem: SEO. You may forget about things like web rank, indexing, etc. from search engines. Your site won't be indexable. If this is an intranet application and SEO is not a concern for you, then you may go ahead and do it. Or if this is a public internet application and you still don't care about SEO, you may go ahead and do it. And of course, if this is only inside the authenticated part of your site, then SEO is not a concern and you may go ahead and implement it.


3 Comments

Thanks for your reply. This will be an internet application, but SEO is not a concern for me. The site won't allow guests.
@gigi, OK, then you should be fine. Another important issue that I forgot to mention in my answer is the TempData storage location. If you store it in-memory (which is the default for session) you will have problems if you run in a web farm. So if you are running your application in a web farm you should absolutely make sure to use an out-of-process session provider or a client which is served the POST request from node 1 and the GET request from node 2 for example won't be able to fetch the data.
Great observation. I will use only one server, not a collection of servers.
0

Storing values in TempData may sometimes cause issues. If we manage the page redirects and posting carefully that will be safe, otherwise the TempData will not be available to you in the desired page because of any other errors that may occur during the execution.
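
The pattern from the question, with the missing-TempData case that both answers warn about handled explicitly. This is an added example, not code from the original posts; it assumes ASP.NET MVC 5 (System.Web.Mvc) with constructor injection configured, and `RaceController`, `IRaceStore`, the `Select`/`List` actions and the `SelectedRaceId` key are hypothetical names.

```csharp
using System.Web.Mvc;

// Hypothetical lookup service; stands in for whatever data access the application uses.
public interface IRaceStore
{
    object FindForUser(int raceId, string userName); // null if absent or not visible to this user
}

[Authorize] // the site does not allow guests
public class RaceController : Controller
{
    private const string RaceKey = "SelectedRaceId"; // hypothetical TempData key
    private readonly IRaceStore _races;

    public RaceController(IRaceStore races) { _races = races; }

    // POST /Race/Select : the id travels in the form body, not in the URL.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Select(int id)
    {
        // The id is still client-supplied, so check it before remembering it.
        if (_races.FindForUser(id, User.Identity.Name) == null)
            return HttpNotFound();

        TempData[RaceKey] = id;
        return RedirectToAction("Index"); // 302 -> GET /Race
    }

    // GET /Race : no parameters in the URL.
    [HttpGet]
    public ActionResult Index()
    {
        // Peek reads without marking the entry for removal, so a refresh of /Race still works.
        // A plain TempData[RaceKey] read would drop the value at the end of this request.
        var stored = TempData.Peek(RaceKey) as int?;
        if (stored == null)
            return RedirectToAction("List"); // expired session, other farm node, or direct visit

        var race = _races.FindForUser(stored.Value, User.Identity.Name);
        if (race == null)
            return RedirectToAction("List");

        return View(race);
    }

    [HttpGet]
    public ActionResult List() { return View(); }
}
```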
