All geek questions in one place

How to make ASP.NET HTML code invisible to clients (users)

I am wondering if there are any standard mechanisms for protecting asp.net asp code in a client browser? I found some links to Windows encoders script. The question is whether these script encoders encode both aspx and the code behind the source? If aspx is encoded using Windows script codes, how can client browsers decode it? Do they know coding algorithms?

Or can we control client browsers (IE, Firefox, Chrome, etc.) to disable the view source option in the Tasks menu when the website is loaded?

Any pointers would be appreciated.

+4
source share
6 answers

The HTML generated on a web page is, by definition, publicly available. It must be accessible to the browser so that it can display the page correctly. You will not find a reliable solution to hide the view source setting in browsers.

To explain the basics a bit:

When you create the page, you write the markup in your .aspx file and some C # source code in the .aspx.cs file. C # code is server-side code, which means that it runs on the server (unlike, say, javascript, which runs directly in the client browser, on the client side).

When a page request is executed, the ASP.NET engine executes the server-side code and also executes the asp tags that you wrote on the .aspx page (for example: <asp:Button runat='server'... /> ). Then it spills out HTML code (this is a very simplified version of what is actually happening).

The client browser only ever receives HTML (and it will not see C # code or any asp markup code that is used to create your page).

As I said, the HTML created is and will always be publicly available. You cannot do anything to securely hide it.

+4
source

Server code (i.e. code on pages with a code name, controllers, helpers, n %% nuggets%, etc.), of course, will never be visible to the web client.

Your aspx or view files (i.e...aspx, .cshtml, .vbhtml) will also not be visible to web clients unless you have a signficiant security vulnerability, but the HTML generated by the specified files will be along with any output or referring to JavaScript.

If the client was unable to read HTML or JavaScript, how can the web browser parse it?

Here's a question about obfuscating JavaScript, which will at least hinder but not completely remove the user's ability to view your source: How can I confuse (protect) JavaScript?

Likewise, theoretically it would be possible to confuse the output HTML, but it could also probably be reversed with some work.

+3
source

It is not possible for the user to see your server (C #) source.
It is not possible to stop the user from viewing your client (HTML and Javascript) source.

+1
source

No code is sent to the client, but only the displayed HTML.

there is no way to completely remove the ability for the client to view the HTML source. The only thing you can do is obfuscate your HTML to make it harder to say what they are looking at.

There are many libraries for obfuscating HTML in .net if you are doing a google search.

0
source

I am confused, but ...

  • If you use ASP.NET markup, you donโ€™t need to worry, as any request to an ASP.NET page will compile the page (if it has not already been or was not cached), which displays the contents of the page as HTML.

  • If you are worried that people are navigating your code (for example, mysite.com/SomePage.aspx.cs), you do not need to worry, because ASP.NET will not serve this content [unless the standard configuration has been changed].

  • If you are worried about people accessing your code via FTP, I would suggest that you change your compilation method and not expand the source.

Did I miss something?

0
source

In javascript terms, the only thing you can do is obfuscate it to such an extent that it makes it useless for someone who is trying to understand.

0
source

Source: https://habr.com/ru/post/1334401/

More articles:


All Articles