Masking an external URL

I need to be able to open up an external URL in my website with out revealing it to my users (both in the browser and in the source). I do not want them to be able to copy the URL and edit the query string to their liking. Is there a way to open the URL in an iframe, or something of the like, and hide/mask its source?

This is an asp.net 2.0 website.

Could you do the following:

1. Accept parameters from the user.
2. Have a webpage or backend process which uses this to download the PDF to a temporary store.
3. Then stream this to the client, so they don't know about the URL where the PDF is generated? (or just stream directly, without downloading temporarily.)

This way users would never know about the other site, and it should be much more secure.

This could also use some validation/authentication so users are unable to alter the parameters passed to retrieve other users' PDFs.