I have created shtml page with login and password. when user click on the submit button I am calling javascript and passing value to the particular URL for e.g
function Login(){
var id=document.getElementById('txtUserName').value;
var pwd=document.getElementById('txtPassword').value;
if (id=='' || pwd=='')
alert('Please Enter Valid User Name/Password')
else {
debugger;
document.Form1.action = "https://xxx.aspx?x=" + id + "&y=" + pwd;
document.Form1.submit();
}
is it possible that i can encrypt this id and pwd using jquery and on aspx decrypt it again.
Hi, I have found a close match to your requirement.
The thing is that you need to do a client side XOR encyption, and decrypt again serverside. There are debates over the "visible" client side encryption, however, something is better than nothing.
var xorKey = 129; /// you can have other numeric values also.
var result = "";
for (i = 0; i < password.length; ++i) {
result += String.fromCharCode(xorKey ^ password.charCodeAt(i));
}
send this to the server by available means (form submit / query string / handler / request.form)
now @ server side (I had used c# code)
public bool Authenticate(string userName, string password)
{
byte result = 0;
StringBuilder inSb = new StringBuilder(password);
StringBuilder outSb = new StringBuilder(password.Length);
char c;
for (int i = 0; i < password.Length; i++)
{
c = inSb[i];
c = (char)(c ^ 129); /// remember to use the same XORkey value you used in javascript
outSb.Append(c);
}
password = outSb.ToString();
// your rest of code
}
This I have tested and found to work flawlessly in my project too..
The good thing is that the data is "safe" from being seen even if Fiddler is used.
nittin14
Member
86 Points
62 Posts
How to Encrypt/Decrypt Parameter passing with URL in javascript
Feb 22, 2012 05:07 AM|LINK
Hi
I have created shtml page with login and password. when user click on the submit button I am calling javascript and passing value to the particular URL for e.g
function Login(){
var id=document.getElementById('txtUserName').value;
var pwd=document.getElementById('txtPassword').value;
if (id=='' || pwd=='')
alert('Please Enter Valid User Name/Password')
else {
debugger;
document.Form1.action = "https://xxx.aspx?x=" + id + "&y=" + pwd;
document.Form1.submit();
}
is it possible that i can encrypt this id and pwd using jquery and on aspx decrypt it again.
kedarrkulkar...
All-Star
35563 Points
5700 Posts
Re: How to Encrypt/Decrypt Parameter passing with URL in javascript
Feb 22, 2012 05:13 AM|LINK
by encrypting information in javascript, u will just make it difficult for naive hacker to get this data....
but, since anyone can see encryption logic of javascript... (as javascript runs on client side browser) it makes no good mechanism
if u r using ssl (https) then u can rely on that the information is being sent from client to server in secure way
hope this helps...
KK
Please mark as Answer if post helps in resolving your issue
My Site
mudassarkhan
All-Star
78956 Points
13402 Posts
MVP
Re: How to Encrypt/Decrypt Parameter passing with URL in javascript
Feb 22, 2012 05:19 AM|LINK
You cannot encrypt data client side and decrypt server side. Instead.
1. Do a postback and then process the data on the same page rather then redirecting to some other page
2. Another thing you can do is postback to the same page. Encrypt and then redirect
http://madskristensen.net/post/HttpModule-for-query-string-encryption.aspx
3. Another way which is the best is that. Remove QueryString and add name field to your username and password textbox.
Then on the recepient page (xxx.aspx) you can get values easily using
string username = Request.Form["Name of username textbox"];
Contact me
nittin14
Member
86 Points
62 Posts
Re: How to Encrypt/Decrypt Parameter passing with URL in javascript
Feb 22, 2012 06:03 AM|LINK
HI Mudass,
Can you give me the example of the Point 3. point 1 & 2 are not fit in my criteria
Allen Li - M...
Star
10411 Points
1196 Posts
Re: How to Encrypt/Decrypt Parameter passing with URL in javascript
Feb 23, 2012 05:05 AM|LINK
Hi, for example, you want to submit the username and password to “xxx.aspx” page:
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> <script type="text/javascript"> function Login(){ var id=document.getElementById('txtUserName').value; var pwd=document.getElementById('txtPassword').value; if (id=='' || pwd=='') alert('Please Enter Valid User Name/Password') else { debugger; document.Form1.submit(); } </script> </head> <body> <form id="Form1" action=" xxx.aspx" method="post"> <input id="txtUserName" type="text" name="username" /><input id="txtPassword" type="text" name='password' /><input id="Submit1" type="submit" value="submit" onclick="Login();" /> </form> </body> </html>With “xxx.aspx” page, you can get the username and password with the following methods:
<script runat="server"> protected void Page_Load(object sender, EventArgs e) { string username = Request["username"]; string password = Request["password"]; } </script>If you have any feedback about my replies, please contact msdnmg@microsoft.com
Microsoft One Code Framework
nittin14
Member
86 Points
62 Posts
Re: How to Encrypt/Decrypt Parameter passing with URL in javascript
Feb 23, 2012 11:06 AM|LINK
Hey Allen..That's work..Thankyou so much for your help...awesome...:)
mudassarkhan
All-Star
78956 Points
13402 Posts
MVP
Re: How to Encrypt/Decrypt Parameter passing with URL in javascript
Feb 23, 2012 11:13 AM|LINK
use the following instead in page load
string username = Request.Form["username"];
string password = Request.Form["password"];
Contact me
arunprasadvi...
Member
6 Points
2 Posts
Re: How to Encrypt/Decrypt Parameter passing with URL in javascript
Apr 20, 2012 01:48 PM|LINK
Hi, I have found a close match to your requirement.
The thing is that you need to do a client side XOR encyption, and decrypt again serverside. There are debates over the "visible" client side encryption, however, something is better than nothing.
js code:
password = document.getElementById('txtPassword').value;var result = ""; for (i = 0; i < password.length; ++i) { result += String.fromCharCode(xorKey ^ password.charCodeAt(i)); }send this to the server by available means (form submit / query string / handler / request.form)
now @ server side (I had used c# code)
public bool Authenticate(string userName, string password) { byte result = 0; StringBuilder inSb = new StringBuilder(password); StringBuilder outSb = new StringBuilder(password.Length); char c; for (int i = 0; i < password.Length; i++) { c = inSb[i]; c = (char)(c ^ 129); /// remember to use the same XORkey value you used in javascript outSb.Append(c); } password = outSb.ToString(); // your rest of code }This I have tested and found to work flawlessly in my project too..
The good thing is that the data is "safe" from being seen even if Fiddler is used.
Happy coding.
Links to refer: http://th.atguy.com/mycode/xor_js_encryption/
http://www.eggheadcafe.com/tutorials/csharp/8b53894c-a889-4914-8c46-122980cc44ae/simple-xor-encryption.aspx