如何在重定向到另一个网站的页面时隐藏查询字符串

        var url = string.Format("{0}?userid={1}&password ={2}", rootUrl, Id,password);
        //use ClientScript to open a new windows from server side
        var sb = new StringBuilder();
        sb.Append("<script type = 'text/javascript'>");
        sb.Append("window.open('");
        sb.Append(url);
        sb.Append("');");
        sb.Append("</script>");
        ClientScript.RegisterStartupScript(this.GetType(), "script", sb.ToString());

您应该使用 HTTP POST 请求执行此操作，因为发布的内容在该方法中不可见，它嵌入在 HTTP 消息正文中并作为查询字符串参数公开。

正如@YuriGalanter所评论的那样，使用SSL（HTTPS）进行加密，以便通过网络流量加密消息，从而防止嗅探器看到敏感细节。

例如：

HttpWebRequest httpWReq =
    (HttpWebRequest)WebRequest.Create("http://domain.com/page.aspx");
ASCIIEncoding encoding = new ASCIIEncoding();
string postData = "username=user";
postData += "&password=pass";
byte[] data = encoding.GetBytes(postData);
httpWReq.Method = "POST";
httpWReq.ContentType = "application/x-www-form-urlencoded";
httpWReq.ContentLength = data.Length;
using (Stream stream = httpWReq.GetRequestStream())
{
    stream.Write(data,0,data.Length);
}
HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();
string responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();

要获得响应，请执行以下操作：

HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();

隐藏用户信息的最佳方法是在将查询字符串传递到另一个站点时加密查询字符串，并在当前浏览器的新选项卡中打开该 URL。