
Encrypting and Decrypting Query Strings in asp.net



Introduction


We often pass values between pages as key-value pairs in a query string. The query string is the easiest and most widely practiced mechanism for transferring small pieces of data between web pages. The end user can change a value in the query string to play around with the application, which can compromise the security and data integrity of the system. So the solution is encrypting the query strings.

The following is a simple encryption and decryption mechanism in ASP.NET.

First, I created two methods, one for encryption and one for decryption.

Encrypt the string



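    // Requires: using System; using System.IO; using System.Security.Cryptography; using System.Text;
    private string Encrypt(string stringToEncrypt)
    {
        byte[] inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt);
        // Fixed 8-byte IV; Decrypt must use the same value
        byte[] rgbIV = { 0x21, 0x43, 0x56, 0x87, 0x10, 0xfd, 0xea, 0x1c };
        byte[] key = { };
        try
        {
            // 8-byte DES key taken from a hard-coded string
            key = System.Text.Encoding.UTF8.GetBytes("A0D1nX0Q");
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, rgbIV), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            // Base64 so the ciphertext can be carried as text
            return Convert.ToBase64String(ms.ToArray());
        }
        catch (Exception e)
        {
            // On failure the exception message is returned in place of the ciphertext
            return e.Message;
        }
    }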



Decrypt the encrypted string







    private string Decrypt(string EncryptedText)
    {
        // Same fixed IV and key as in Encrypt
        byte[] rgbIV = { 0x21, 0x43, 0x56, 0x87, 0x10, 0xfd, 0xea, 0x1c };
        byte[] key = { };

        try
        {
            key = System.Text.Encoding.UTF8.GetBytes("A0D1nX0Q");
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            // Undo the Base64 step performed by Encrypt
            byte[] inputByteArray = Convert.FromBase64String(EncryptedText);
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(key, rgbIV), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            System.Text.Encoding encoding = System.Text.Encoding.UTF8;
            return encoding.GetString(ms.ToArray());
        }
        catch (Exception e)
        {
            // On failure the exception message is returned in place of the plaintext
            return e.Message;
        }
    }



It is better practice to URL-encode the encrypted string before adding it to the URL, as shown below, because Base64 output can contain characters such as +, / and = that have a special meaning in a URL. You can pass any number of parameters (e.g. OrderId=1&Name=RV).







   var addressLink = "http://abcxyz.com/abc.aspx?" + HttpUtility.UrlEncode(Encrypt(string.Format("OrderId={0}", orderId)));



Encryption is done. Now we decrypt the encrypted string whenever we need it, as follows:







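    // Raw (still URL-encoded) request URL, including the query string
    string str = Request.RawUrl;

    // Take everything after '?', URL-decode it, then decrypt
    var qs = Decrypt(HttpUtility.UrlDecode(str.Substring(str.IndexOf('?') + 1)));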



Parse the returned string according to the parameters you passed in the expression above.



