I'm having a small trouble with ASP.net. I have a small DataTable that I need to be page dependent and also user inaccessible. What I mean is:
Add a unique key to a hidden field; use this key to access a unique session value that is specific to the instance of the page. Even if someone guessed someone else's unique key(s), it would be useless without the session key.
Example:
<input type="hidden" value="234092735029730" id="InstanceId" runat="server" />
Generate this value the first time the instance of the page is rendered:
// Only on the first render; on postbacks the posted hidden-field value is kept
if( !Page.IsPostBack ){
    this.InstanceId.Value = GenerateKey().ToString();
}
When retrieving a value from Session specific to that page:
string key = this.InstanceId.Value;
var value = Session[key];
To generate a page-unique ID, something like this will work:
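using System;                         // BitConverter
using System.Security.Cryptography;   // RNGCryptoServiceProvider

// Shared cryptographically secure random number generator
private static readonly RNGCryptoServiceProvider _crypto = new RNGCryptoServiceProvider();

// Returns 64 random bits as a long (the value may be negative)
public static long GenerateKey(){
    byte[] bytes = new byte[8];
    _crypto.GetBytes( bytes );
    return BitConverter.ToInt64( bytes, 0 );
}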
Keep in mind that Session isn't necessarily 100% secure (e.g. Session fixation attacks) but it is orders of magnitude more secure than storing the information in the data sent to the client.
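Added example, not part of the original answer: the hidden field is posted back by the browser, so its value should be validated and namespaced before it is used as a Session index; otherwise a posted value could name any other entry in the same session. PageInstanceStore, the "PageInstance:" prefix, and the Dictionary standing in for Session are assumptions made so the sketch runs as a console program.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Security.Cryptography;
using System.Text.RegularExpressions;

// Hypothetical helper: per-page-instance data kept in a session-like store.
public static class PageInstanceStore
{
    private const string Prefix = "PageInstance:";  // namespace inside Session
    private static readonly Regex KeyFormat = new Regex(@"\A[0-9a-f]{32}\z");

    // 128 random bits, hex encoded, suitable for the hidden field value.
    public static string NewKey()
    {
        byte[] bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }

    public static void Save(IDictionary<string, object> session, string key, DataTable table)
    {
        if (key == null || !KeyFormat.IsMatch(key))
            throw new ArgumentException("malformed instance key");
        session[Prefix + key] = table;
    }

    // Returns null for malformed or unknown keys; never reads outside the prefix.
    public static DataTable Load(IDictionary<string, object> session, string postedKey)
    {
        if (postedKey == null || !KeyFormat.IsMatch(postedKey)) return null;
        object value;
        return session.TryGetValue(Prefix + postedKey, out value) ? value as DataTable : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed stand-in for one user's Session, holding an unrelated entry.
        var session = new Dictionary<string, object> { { "AuthToken", "constructed-value" } };
        string key = PageInstanceStore.NewKey();   // first render: goes into InstanceId.Value
        PageInstanceStore.Save(session, key, new DataTable("Cart"));
        Console.WriteLine(PageInstanceStore.Load(session, key).TableName);
        Console.WriteLine(PageInstanceStore.Load(session, "AuthToken") == null);
        Console.WriteLine(PageInstanceStore.Load(session, PageInstanceStore.NewKey()) == null);
    }
}
```

In a Web Forms page the same Load and Save logic would index Session directly, with the posted InstanceId.Value passed in as postedKey.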