I understand the idea, and of course they may have a difficult time figuring out the key's encryption, I'm just saying it would still be possible if they're capable enough, and I understand that's an inevitable factor which nobody can deny. But I also see where you're coming from, stating average user/script-kiddy, seeing as the people I'm talking about aren't exactly 'big-crackers' so to speak, so I totally agree with you.
I never bothered with POST Requests through .NET mainly because I had no clue it actually worked. I was told so by my teacher back in College. I guess he wasn't much of a teacher, then..
I'm sorry for not being literal on the 'scan' part, I meant that they decompiled the Program itself, and just read bits and pieces of fragments of the code that remained, and eventually put together the required pieces for the 'recipe' (Link + Paramters).
I have currently solved the solution by over-extending your suggestion of using a Key. This is what I did:
Note that when I said Webbrowser, I was also not specific. What I meant was it's a hidden Browser which the user can't see nor navigate through, so all Requests to the pages, are hidden.
1. Created a very long Hash Key (no encryption yet)
2. Added the Additional User Crendetials (Everything combined) to the Hash (Hash &= Extras)
3. I then encrypted the Key, X amount of times, and used it to send as a parameter to the webscript.
4. Additionally, I exaggerated the security check by encrypting the Username & Passwor X amount of Times, that are also sent to the Script.
5. The receiving end - The Script - then checks if the Key matches the Script's Generated Version of the Key, and also checks if the Session's Username & Password matches the Hashed Username & Password sent from the program, to the script.
6. I compiled the Program
7. I obfuscated as much as I possibly could, making it more difficult to read & crack.
8. Shared it with my large playerbase.
This seems to have worked out thus far, and I'm hoping it will stay that way. I thank you for your help, it's appreicated.
I'd also like to ask how You'd send POST Requests from .NET, like Let's say I grab the User's HWID, and there's a type="hidden" field of the POST Form, how would I make the Script determine that the hidden field for HWID, should contain the details of .NET's variable that grabs the HWID?