Home/ Questions/Q 7922755
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T17:04:30+00:00

I have a custom log in that returns an encrypted Token, which indicates that

  • 0

I have a custom log in that returns an encrypted Token, which indicates that a user is logged in. This Token is passed to another page(Dash.aspx) via QueryString.

Dash.aspx takes the token from the QueryString and posts it to a hidden field on the page.
Javascript reads that value and holds it in memory. That Token is then used to make web service calls. When these calls complete a new Token value is returned, and javascript stores that value (replacing the old one).

I want to add new pages for access after log in. These pages will need a valid Token passed to them. A user would move from Dash.aspx to one of these new pages and back (so just a few different links at the top of a Masterpage)

I don’t like passing the Token via QueryString. And I am not sure how to keep the Token updated where accessible on page change.
I want to avoid using Session to store and pass the Token if possible

How can I pass my Token more discreetly and make sure it always passes the most up to date value?

I realize this is a fairly broad question, but im at a loss. I feel like there is probably some pre built idea that will handle this, i just dont know what or how to use it.

Thanks

Update

So an example was asked for:

Step 1: User logs in – > zholen/zholen123

  • Service is called to validate username and password -> returns Token (‘ABC’)
  • Redirect to Page Dash.aspx?token=ABC

Step 2: Dash.aspx grabs token from querystring and assigns to hidden field on page

  • Javascript object grabs token from hidden field and stores internally
  • JS Object makes several async calls to various services, each service returns
    a new updated Token, internal token is updated with new value(Tokens expire every 30 min)

Desired new steps

Step 3: Move from Dash.aspx to Account.aspx

  • Account.aspx requires valid Token to load
  • Call more services and change Token

Step 4: Move from Account to Dash.aspx with up to date token

Service calls are made either via a Web Service(asmx) or through page methods depending whether the action desires a data return (asmx) or an html return(page method -> table prefilled with data) or on page load

Based on suggestion of Cookies, I think it would be possible to reset the cookie with the new token value during these calls on C# end, assuming that i could do that kind of thing from an ASMX and that the async of the whole thing wouldn’t cause issues.

Also I can make the JS object which internally stores an up to date token place that value back into the hidden field if that would help make it accessible from the C# end.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could use cookies… You may want to use your intermediate encryption as cookies can be read externally.

            //c#

        HttpCookie cookie = new HttpCookie("myTokenCookie");
        cookie.Value = tokenString;
        Response.SetCookie(cookie);

        // then get it back later
        s = Request.Cookies["myTokenCookie"].Value;

        // then you could write it into a hidden input for retrieval in JS
    • 0