1

I have a webFarm application and an HTML image control as follows

<img id="logo" runat="server" src="" width="200" height="300" />

I am setting scr of this image from code behind as follows-

string mapId = "1234"; // mapId can vary
logo.Src = "./logo.aspx?mapId=" + mapId ;

Here logo.aspx is simple aspx page with following Page_load code-

logo.aspx

 protected void Page_Load(object sender, EventArgs e)
 {
     Response.Clear();
     Response.ContentType = "image/jpeg"; 

     int mapIdValue= int.Parse(Request.Params["mapId"]); // mapId from querystring

     string data = someFunction(mapIdValue); // to get image in Base64 String format
     Response.BinaryWrite(Convert.FromBase64String(data));  
     Response.End();    
 }

This works fine.

My problem is, I dont want to send mapId in query string as it is exposed to user. So what would be the possible ways to send mapId from my page to logo.aspx.
I cant use session or HttpContext Items Collection as it is a Webfarm.

I tried using previousPage but not working for me..

Any ideas on this?

Microsoft DN
  • 9,706
  • 10
  • 51
  • 71
  • How about sending the data using Post on Submit on previous page. – Mohit S Nov 20 '15 at 06:24
  • 1
    Send MapId via querystring but before sending encrypt the mapid in that way even if it exposed to user it won't benefit them thus security is maintained here. Later on in logo page decrypt if and continue with your task. – Suprabhat Biswal Nov 20 '15 at 06:36
  • In tems of security, GET and POST requests are no different other than to see post Params wireshark or fiddler is required. You should either use a state server for session management or use a DB approach to create a guid (map Id token) and send this token instead of the mapId – Oguz Ozgul Nov 20 '15 at 06:37
  • 1
    Whats the problem using session in web-farm? – Imad Nov 20 '15 at 06:40
  • Why dont you create a user control which has property map Id to set and renders the image on load....use that user control wherever u want – Viru Nov 20 '15 at 06:54

2 Answers2

0

As the browser will retrieve the image in a subsequent, independent request, the server needs to be able to recognize the map id in this new request. It is not generally impossible to use sessions in a web farm, but it requires some kind of state server/database that all the servers in the farm share.

If you are unable to use sessions in your web farm, you need to transmit some information to the client that is used in the new request to identity the map. Independent of the way you choose, the client gets hold of some id information. Even though you do not want to use a query parameter, I'd still prefer using query parameters as opposed for instance using a cookie to hand over the id to the client. The main reason is that it will also work if you have several maps on a page.

In order to hide the real id for the client you can create an artificial id, e.g. a GUID that you can use to retrieve the image. You'd need to store the artificial id so that you can identify the map.

You can limit the artificial id so that it is valid only for some time, a number of requests or for a specific user. This way, the client is only able to use the artificial id in a very limited amount of time.

Of course, this requires some effort, but should be a stable way also in a Webfarm.

Markus
  • 20,838
  • 4
  • 31
  • 55
-1

it may be usefull. please refer the below link http://www.c-sharpcorner.com/UploadFile/gopenath/Page107182007032219AM/Page1.aspx

Praba
  • 31
  • 9