I have a form submission doing a postback. The controller action accepts the values as parameters. For example: EditProduct(int productid, string productname).
productid is supplied from the form in a hidden field. How can I ensure that a user will not invoke this action and pass this productid and name as a query string, and the model binding will bind the values and the product is saved in the database?

You can sign the product ID with a secret key on your server (using HMACSHA512), then verify the signature in the postback.
You might want to include the current date and/or the user or session ID when signing to prevent replay attacks.
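
The signing and verification suggested in the answer above, as an added example that is not part of the original answer. The class name `ProductIdSigner`, the token layout, the 20-minute lifetime and the `userId` parameter are assumptions for illustration, and the code assumes .NET 6 or later for `RandomNumberGenerator.GetBytes` and `CryptographicOperations.FixedTimeEquals`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: binds the hidden productid to one user and a short time window.
public static class ProductIdSigner
{
    // Assumption: a per-process random key. A real deployment loads a stable key
    // from protected server-side configuration so tokens survive restarts.
    private static readonly byte[] Key = RandomNumberGenerator.GetBytes(64);
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(20);

    // Returns "issuedUnixSeconds.base64(HMAC)" to render in a second hidden field.
    public static string Sign(int productId, string userId, DateTimeOffset now)
    {
        long issued = now.ToUnixTimeSeconds();
        return issued + "." + Convert.ToBase64String(Mac(productId, userId, issued));
    }

    // Call in the postback with the bound productid and the posted token.
    public static bool Verify(int productId, string userId, string token, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2 || !long.TryParse(parts[0], out long issued)) return false;

        // Reject tokens from the future or older than MaxAge (limits replay).
        long age = now.ToUnixTimeSeconds() - issued;
        if (age < 0 || age > (long)MaxAge.TotalSeconds) return false;

        byte[] supplied;
        try { supplied = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }

        // Constant-time comparison; returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(supplied, Mac(productId, userId, issued));
    }

    private static byte[] Mac(int productId, string userId, long issued)
    {
        if (userId == null) throw new ArgumentNullException(nameof(userId));
        // Length-prefix userId so the field boundaries cannot be shifted.
        string message = $"{productId}|{issued}|{userId.Length}|{userId}";
        using (var hmac = new HMACSHA512(Key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
    }
}
```

The action calls `Verify` before saving and rejects the request when it returns false, so a productid changed in the form or supplied through the query string fails the check.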