encrypt URL data : The Official Microsoft ASP.NET Forums

Reply

bobwhite

Member

701 Points

667 Posts

encrypt URL data

Apr 30, 2012 02:01 PM|LINK

Hi,

I have seen some site hide URL data so instead of showing .aspx?id=5. it shows ?fedjhfuwicisdhnfhtufgojdfkdksudj ( I made it up ) but you got my idea. ...I want to know the significant of this and how to creat it in my website

http://localhost:51756/demo/DataListNavMenu.aspx?id=5

Bob

Reply

Eng-Mondy

Member

189 Points

71 Posts

Re: encrypt URL data

Apr 30, 2012 02:18 PM|LINK

use that class that encrypt querystrings URL ..

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;
/// Summary description for QueryStringModule
///
public class QueryStringModule : IHttpModule
{
    // private ILog m_Logger = LogManager.GetLogger(typeof(QueryStringModule));
    #region IHttpModule Members
    public void Dispose()
    {
        // Nothing to dispose
    }
    public void Init(HttpApplication context)
    {
        context.BeginRequest += new EventHandler(context_BeginRequest);
    }
    #endregion
    private const string PARAMETER_NAME = "enc=";
    private const string ENCRYPTION_KEY = "key";
    void context_BeginRequest(object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;
        string query = string.Empty;
        string path = string.Empty;
        try
        {
            if (context.Request.Url.OriginalString.Contains("aspx") && context.Request.RawUrl.Contains("?"))
            {
                query = ExtractQuery(context.Request.RawUrl);
                path = GetVirtualPath();
                if (query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase))
                {
                    // Decrypts the query string and rewrites the path.
                    string rawQuery = query.Replace(PARAMETER_NAME, string.Empty);
                    string decryptedQuery = Decrypt(rawQuery);
                    context.RewritePath(path, string.Empty, decryptedQuery);
                }
                else if (context.Request.HttpMethod == "GET")
                {
                    // Encrypt the query string and redirects to the encrypted URL.
                    // Remove if you don't want all query strings to be encrypted automatically.
                    string encryptedQuery = Encrypt(query);
                    context.Response.Redirect(path + encryptedQuery, false);
                }
            }
        }
        catch (Exception ex)
        {
            // m_Logger.Error("An error occurred while parsing the query string in the URL: " + path, ex);
            context.Response.Redirect("~/index.aspx");
        }
    }
    ///

    /// Parses the current URL and extracts the virtual path without query string.
    ///

    /// The virtual path of the current URL.
    private static string GetVirtualPath()
    {
        string path = HttpContext.Current.Request.RawUrl;
        path = path.Substring(0, path.IndexOf("?"));
        path = path.Substring(path.LastIndexOf("/") + 1);
        return path;
    }
    ///

    /// Parses a URL and returns the query string.
    ///

    /// The URL to parse.
    /// The query string without the question mark.
    private static string ExtractQuery(string url)
    {
        int index = url.IndexOf("?") + 1;
        return url.Substring(index);
    }
    #region Encryption/decryption
    ///

    /// The salt value used to strengthen the encryption.
    ///

    private readonly static byte[] SALT = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString());
    ///

    /// Encrypts any string using the Rijndael algorithm.
    ///

    /// The string to encrypt.
    /// A Base64 encrypted string.
    private static string Encrypt(string inputText)
    {
        RijndaelManaged rijndaelCipher = new RijndaelManaged();
        byte[] plainText = Encoding.Unicode.GetBytes(inputText);
        PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);
        using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16)))
        {
            using (MemoryStream memoryStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(plainText, 0, plainText.Length);
                    cryptoStream.FlushFinalBlock();
                    return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray());
                }
            }
        }
    }
    ///

    /// Decrypts a previously encrypted string.
    ///

    /// The encrypted string to decrypt.
    /// A decrypted string.
    private static string Decrypt(string inputText)
    {
        RijndaelManaged rijndaelCipher = new RijndaelManaged();
        byte[] encryptedData = Convert.FromBase64String(inputText);
        PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);
        using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
        {
            using (MemoryStream memoryStream = new MemoryStream(encryptedData))
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                {
                    byte[] plainText = new byte[encryptedData.Length];
                    int decryptedCount = cryptoStream.Read(plainText, 0, plainText.Length);
                    return Encoding.Unicode.GetString(plainText, 0, decryptedCount);
                }
            }
        }
    }
    #endregion
}

Please Mark Answer Green , If Correct

My Facebook

Marked as answer by bobwhite on May 02, 2012 06:13 PM

Reply

bobwhite

Member

701 Points

667 Posts

Re: encrypt URL data

Apr 30, 2012 08:09 PM|LINK

Thanks Mahmoud, I apprciate your help. can you send me a sample code to use the class.

bob

Reply

Eng-Mondy

Member

189 Points

71 Posts

Re: encrypt URL data

Apr 30, 2012 08:12 PM|LINK

u welcome Friend .. oh i sent it above ... copy that code at CS File and put it inside ur AppCode Folder .. and then Call the this Class at any Page CS ..

Please Mark Answer Green , If Correct

My Facebook

Edited by Eng-Mondy on Apr 30, 2012 08:21 PM

Reply

Eng-Mondy

Member

189 Points

71 Posts

Re: encrypt URL data

Apr 30, 2012 08:27 PM|LINK

and add these lines to your web config file

<system.web>

<httpModules>
< add type = " QueryStringModule " name = " QueryStringModule " />
</httpModules>

</system.web>

Please Mark Answer Green , If Correct

My Facebook

Edited by Eng-Mondy on Apr 30, 2012 08:28 PM

Reply

MahadPK

Participant

778 Points

225 Posts

Re: encrypt URL data

Apr 30, 2012 08:50 PM|LINK

you can encode data for use in a querystring like this:

Dim qs As String =
"this is a querystring"
        Dim encodedQs As String = HttpUtility.UrlEncode(qs)

Its important to be aware though that urlencoding your data does not in any way prevent that data from being tampered with / changed by the user.

if you need to use the querystring and want to make sure the data is not tampered with, you might consider the technique in this article: http://aspnet.4guysfromrolla.com/articles/083105-1.aspx

http://www.4guysfromrolla.com/webtech/012000-1.shtml

The process of encrypting the data will also render the data illegible for your users - effectively hiding its value

Edited by MahadPK on Apr 30, 2012 08:51 PM

encrypt URL data RSS

5 replies

bobwhite

encrypt URL data

Eng-Mondy

Re: encrypt URL data

bobwhite

Re: encrypt URL data

Eng-Mondy

Re: encrypt URL data

Eng-Mondy

Re: encrypt URL data

MahadPK

Re: encrypt URL data

This site is managed for Microsoft by Neudesic, LLC. | © 2013 Microsoft. All rights reserved.

Follow Us On:

Microsoft