How to Encrypt/Decrypt Parameter passing with URL in javascript

I have created shtml page with login and password. when user click on the submit button I am calling javascript and passing value to the particular URL for e.g

function Login(){
    var id=document.getElementById('txtUserName').value;
   var pwd=document.getElementById('txtPassword').value;

   if (id=='' || pwd=='')

       alert('Please Enter Valid User Name/Password')
   else {
        debugger;
    document.Form1.action = "https://xxx.aspx?x=" + id + "&y=" + pwd;
   document.Form1.submit();
   }

is it possible that i can encrypt this id and pwd using jquery and on aspx decrypt it again.

Re: How to Encrypt/Decrypt Parameter passing with URL in javascript

by encrypting information in javascript, u will just make it difficult for naive hacker to get this data....

but, since anyone can see encryption logic of javascript... (as javascript runs on client side browser) it makes no good mechanism

if u r using ssl (https) then u can rely on that the information is being sent from client to server in secure way

hope this helps...

Re: How to Encrypt/Decrypt Parameter passing with URL in javascript

You cannot encrypt data client side and decrypt server side. Instead.

1. Do a postback and then process the data on the same page rather then redirecting to some other page

2. Another thing you can do is postback to the same page. Encrypt and then redirect

http://madskristensen.net/post/HttpModule-for-query-string-encryption.aspx

3. Another way which is the best is that. Remove QueryString and add name field to your username and password textbox.

Then on the recepient page (xxx.aspx) you can get values easily using

string username = Request.Form["Name of username textbox"];

Re: How to Encrypt/Decrypt Parameter passing with URL in javascript

HI Mudass,

Can you give me the example of the Point 3. point 1 & 2 are not fit in my criteria

Re: How to Encrypt/Decrypt Parameter passing with URL in javascript

Hi, for example, you want to submit the username and password to xxx.aspx page:

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title></title>

    <script type="text/javascript">
        function Login(){
     var id=document.getElementById('txtUserName').value;
     var pwd=document.getElementById('txtPassword').value;
     if (id=='' || pwd=='')
         alert('Please Enter Valid User Name/Password')
     else {
         debugger;
     document.Form1.submit();
      }
    </script>
</head>
<body>
<form id="Form1" action=" xxx.aspx" method="post">
    <input id="txtUserName" type="text" name="username" /><input id="txtPassword" type="text" name='password' /><input id="Submit1"
        type="submit" value="submit" onclick="Login();" />
</form>
</body>
</html>

With “xxx.aspx” page, you can get the username and password with the following methods:

<script runat="server">
        protected void Page_Load(object sender, EventArgs e)
        {
            string username = Request["username"];
            string password = Request["password"];
        }
    </script>

Re: How to Encrypt/Decrypt Parameter passing with URL in javascript

Hey Allen..That's work..Thankyou so much for your help...awesome...:)

Re: How to Encrypt/Decrypt Parameter passing with URL in javascript

use the following instead in page load

string username = Request.Form["username"];

string password = Request.Form["password"];

Re: How to Encrypt/Decrypt Parameter passing with URL in javascript

Hi, I have found a close match to your requirement.

The thing is that you need to do a client side XOR encyption, and decrypt again serverside. There are debates over the "visible" client side encryption, however, something is better than nothing.

js code:

password = document.getElementById('txtPassword').value;

var xorKey = 129; /// you can have other numeric values also.

    var result = "";
    for (i = 0; i < password.length; ++i) {
        result += String.fromCharCode(xorKey ^ password.charCodeAt(i));
    }

send this to the server by available means (form submit / query string / handler / request.form)

now @ server side (I had used c# code)

public bool Authenticate(string userName, string password)
    {
        byte result = 0;

        StringBuilder inSb = new StringBuilder(password);
        StringBuilder outSb = new StringBuilder(password.Length);
        char c;
        for (int i = 0; i < password.Length; i++)
        {
            c = inSb[i];
            c = (char)(c ^ 129); /// remember to use the same XORkey value you used in javascript
            outSb.Append(c);
        }
        password = outSb.ToString();

       // your rest of code
    }

This I have tested and found to work flawlessly in my project too..

The good thing is that the data is "safe" from being seen even if Fiddler is used.

Happy coding.

Links to refer: http://th.atguy.com/mycode/xor_js_encryption/
http://www.eggheadcafe.com/tutorials/csharp/8b53894c-a889-4914-8c46-122980cc44ae/simple-xor-encryption.aspx