Saturday 3 January 2015

how to encrypt and decrypt query string in asp.net

Posted on by aspsolutionkirit with No comments

Encrypt and Decryption Querystring



Description:-

In this example we explain that how to encrypt and decrypt query string in asp.net. or encrypt or decrypt query string parameter value in asp.net.we all know that query string is one kind of most popular way to transfer or pass data between one page to another page. But it is not safety because value are pass to the another page are visible to the end user in URL. So it may be possible to user can change or access this value and easily play with it so it broken the security.

So to overcome this situation or you don’t want to show these values to end users then encrypt query string is the best way to transfer or pass encrypt query string value and then later you can decrypt the query string value when you want to use.


Sorting Row data in gridview Gridview Sorting 

How to handle Concurrency in Linq to Sql Concurrency Example 


page1.aspx:-

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="page1.aspx.cs" Inherits="page1" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    <asp:Button ID="btnEncrypt" runat="server"
       Text="Go to Page 2 with encrypted query string " onclick="btnEncrypt_Click" />
    </div>
    </form>
</body>
</html>

page1.aspx.cs:- 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Text;
using System.Security.Cryptography;


public partial class page1 : System.Web.UI.Page
{
  
    protected void btnEncrypt_Click(object sender, EventArgs e)
    {
        string url = "Page2.aspx?";
        string queryString = "id=24&name=kirit";
        string encryptedQueryString = EncryptString(queryString);
        string urlWithEncryptedString = url + encryptedQueryString;
        Response.Redirect(urlWithEncryptedString);
    }
    public string EncryptString(string inputString)
    {
        MemoryStream memStream = null;
        try
        {
            byte[] key = { };
            byte[] IV = { 12, 21, 43, 17, 57, 35, 67, 27 };
            string encryptKey = "aXb2uy4z";
            key = Encoding.UTF8.GetBytes(encryptKey);
            byte[] byteInput = Encoding.UTF8.GetBytes(inputString);
            DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
            memStream = new MemoryStream();
            ICryptoTransform transform = provider.CreateEncryptor(key, IV);
            CryptoStream cryptoStream = new CryptoStream(memStream, transform, CryptoStreamMode.Write);
            cryptoStream.Write(byteInput, 0, byteInput.Length);
            cryptoStream.FlushFinalBlock();

        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }
        return Convert.ToBase64String(memStream.ToArray());
    }
}

page2.aspx:-

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="page2.aspx.cs" Inherits="page2" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <asp:Button ID="btnDerypt" runat="server"
                Text="Click to see decrypted query string" OnClick="btnDecrypt_Click" />
            <br />
            <asp:Label ID="lblURL" runat="server"></asp:Label>
        </div>
    </form>
</body>
</html>

page2.aspx.cs:- 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Text;
using System.Security.Cryptography;


public partial class page2 : System.Web.UI.Page
{

    protected void btnDecrypt_Click(object sender, EventArgs e)
    {
        string url = Request.RawUrl;
        string urlEnrypted = url.Substring(url.IndexOf('?') + 1);
        string decryptedUrl = DecryptString(urlEnrypted);
        lblURL.Text = decryptedUrl;
    }
    public string DecryptString(string inputString)
    {
        MemoryStream memStream = null;
        try
        {
            byte[] key = { };
            byte[] IV = { 12, 21, 43, 17, 57, 35, 67, 27 };
            string encryptKey = "aXb2uy4z";
            key = Encoding.UTF8.GetBytes(encryptKey);
            byte[] byteInput = new byte[inputString.Length];
            byteInput = Convert.FromBase64String(inputString);
            DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
            memStream = new MemoryStream();
            ICryptoTransform transform = provider.CreateDecryptor(key, IV);
            CryptoStream cryptoStream = new CryptoStream(memStream, transform, CryptoStreamMode.Write);
            cryptoStream.Write(byteInput, 0, byteInput.Length);
            cryptoStream.FlushFinalBlock();
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }

        Encoding encoding1 = Encoding.UTF8;
        return encoding1.GetString(memStream.ToArray());
    }

}

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)