Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to make ASP.NET HTML code not viewable to clients ( users)

I am wondering are there any standard mechanisms available to protect the asp.net asp code in the client browser ? I found some references to Windows script encoders. Question is, are these script encoders encodes both aspx and code behind source ? If aspx is encoded with the Windows script encoders then how client browsers can decode it? Are they aware of the encoding algorithms ?

Or can we control the client browsers ( IE, Firefox, Chrome etc) to disable the view source option in the Tasks Menu when web site a loaded in them?

Any pointers will be appreciated.

like image 982
Kishore Avatar asked Jan 20 '23 19:01

Kishore


1 Answers

The HTML code generated on a webpage is by definition public. It has to be accessible to the browser for it to be able to render the page properly. You will not find a reliable solution to hide the view source option in browsers.

To explain the basics a little bit :

When you create a page, you write markup in your .aspx file and some c# source code in the .aspx.cs file. The c# code is the server side code, which means that it is executed on the server (as opposed to, say, javascript which is executed directly in the client's browser -- client side).

When a page request is executed, the ASP.NET engine executes the server side code, and also executes the asp tags that you wrote in the .aspx page (for example : <asp:Button runat='server'... /> . It then spits out HTML code (this is a very simplified version of what actually happens).

The client's browser only ever gets the HTML (and it will not see the C# code nor any of asp markup code which is used to generate your page).

As I said before, the HTML generated is, and will always be public. There is nothing you can do to reliably hide it.

like image 139
Hugo Migneron Avatar answered Jan 31 '23 01:01

Hugo Migneron