will IIS keep track of the parameters sent to a post action method

john john 986 Reputation points
2022-10-17T08:21:09.253+00:00

I have the following Post action method which accept username & password, connect to Active Directory and get the user info in JSON format after validating the credentials:

[HttpPost]  
public ActionResult UserInfo(string username, string password)  
{  

now since this is a POSt action method, will IIS logs keep track of the entered parameters? in this case the username and password? If the answer is yes, then how i can secure those parameters? Thanks

Internet Information Services
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,567 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. JasonPan - MSFT 6,271 Reputation points Microsoft Vendor
    2022-10-18T06:04:25.32+00:00

    Hi @john john

    First of all, we need to know that the content displayed in the URL will be recorded by IIS Log.

    As we know, Post requests can hide parameters, but the parameter information needs to be placed in the body. From a coding perspective, attributes such as [FromForm] or [FromBody] are required.

    From Postman, it will be more intuitive. The parameters in area 1 will be added directly to the URL, that is, they will be recorded. In the body of zone 2, it will not be recorded.

    251454-image.png


    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,
    Jason

    0 comments No comments

  2. Bruce (SqlWork.com) 69,501 Reputation points
    2022-10-18T15:03:30.793+00:00

    by default, IIS does not log body data, only the url.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.