How to Redirect with POST and not with GET c#

Question

I am using Redirect with GET method like this (works fine):

Response.Redirect(string.Format("../NewPage.aspx?Name1={0}&Name2={1}","name1", "name2" );

But I would like to use POST method, so the client has no access to these variables. I searched and found "Response.Redirect with POST instead of Get?"

Currently I have the following piece of code as it is described:

StringBuilder postData = new StringBuilder();

postData.Append("Name1=" + HttpUtility.UrlEncode("Name1") + "&");
postData.Append("Name2=" + HttpUtility.UrlEncode("Name2"));

//ETC for all Form Elements

// Now to Send Data.
StreamWriter writer = null;

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";                        
request.ContentLength = postData.ToString().Length;

try
{
    writer = new StreamWriter(request.GetRequestStream());
    writer.Write(postData.ToString());
}
finally
{
    if (writer != null)
        writer.Close();
}

Response.Redirect("~/NewPage.aspx");

My question is, how can I use/get the passed variables in NewPage.aspx page?

Thanks for any help.

Answer 1

You can actually do a POST redirect, by using HTTP status code 307; and sometimes there are valid use cases, for example in a banking application.

"307 Temporary Redirect (since HTTP/1.1): In this case, the request should be repeated with another URI; however, future requests should still use the original URI. In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request. For instance, a POST request should be repeated using another POST request." (source)

Read more here.

Of course, whether this is good practice in your case, is another question; there might be other workarounds related to keeping state around to avoid tampering.

EDIT: just noticed that there is already a topic on this here.