Share via

Best Practices for MVC Querystrings

Kmcnet 1,066 Reputation points
2022-03-01T20:45:29.24+00:00

Hello everyone and thanks for the help in advance. I am porting old Asp.Net webforms intranet application onto .Net Core MVC. The older applications used a querystring approach to pass data something like myapplication.aspx?ClientID=1234&Category=Correspondences. The pages are accessed by employees using this intranet, so the obvious security concerns are not as great passing the query data this way, but obviously not ideal. Using MVC what would the best practices way to accomplish this?

Developer technologies ASP.NET ASP.NET Core

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-03-02T02:30:41.773+00:00

    Hi Kmcnet-3080,

    Asp.net Core MVC contains the route parameter feature to avoid show the querystring like "ClientID=1234&Category=Correspondences".

    We called it friendly url in the webform.

    For example:

    This is our route: 

    app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

    This is the controller: 

    public class ProductsController : Controller
{
    public IActionResult Details(int id)
    {
        return ControllerContext.MyDisplayRouteInfo(id);
    }
}

    When the user use this url /Products/Details/5 to access the method, the id will be 5, when the client use this url.

    0 comments
  2. Kmcnet 1,066 Reputation points
    2022-03-02T11:55:49.313+00:00

    Thanks for the response. I do understand that concept, but my question is whether this is a good practice. Obviouslythe user can navigate to other parts of the site by tampering with the route. So is there a more preferrable method. How shoudl this be handled in a more public use case?

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.