encrypt URL data

Hi,

I have seen some site hide URL data so instead of showing .aspx?id=5. it shows ?fedjhfuwicisdhnfhtufgojdfkdksudj ( I made it up ) but you got my idea. ...I want to know the significant of this and how to creat it in my website

http://localhost:51756/demo/DataListNavMenu.aspx?id=5

Bob

Re: encrypt URL data

use that class that encrypt querystrings URL ..

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;
/// Summary description for QueryStringModule
///
public class QueryStringModule : IHttpModule
{
    // private ILog m_Logger = LogManager.GetLogger(typeof(QueryStringModule));
    #region IHttpModule Members
    public void Dispose()
    {
        // Nothing to dispose
    }
    public void Init(HttpApplication context)
    {
        context.BeginRequest += new EventHandler(context_BeginRequest);
    }
    #endregion
    private const string PARAMETER_NAME = "enc=";
    private const string ENCRYPTION_KEY = "key";
    void context_BeginRequest(object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;
        string query = string.Empty;
        string path = string.Empty;
        try
        {
            if (context.Request.Url.OriginalString.Contains("aspx") && context.Request.RawUrl.Contains("?"))
            {
                query = ExtractQuery(context.Request.RawUrl);
                path = GetVirtualPath();
                if (query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase))
                {
                    // Decrypts the query string and rewrites the path.
                    string rawQuery = query.Replace(PARAMETER_NAME, string.Empty);
                    string decryptedQuery = Decrypt(rawQuery);
                    context.RewritePath(path, string.Empty, decryptedQuery);
                }
                else if (context.Request.HttpMethod == "GET")
                {
                    // Encrypt the query string and redirects to the encrypted URL.
                    // Remove if you don't want all query strings to be encrypted automatically.
                    string encryptedQuery = Encrypt(query);
                    context.Response.Redirect(path + encryptedQuery, false);
                }
            }
        }
        catch (Exception ex)
        {
            // m_Logger.Error("An error occurred while parsing the query string in the URL: " + path, ex);
            context.Response.Redirect("~/index.aspx");
        }
    }
    ///

    /// Parses the current URL and extracts the virtual path without query string.
    ///

    /// The virtual path of the current URL.
    private static string GetVirtualPath()
    {
        string path = HttpContext.Current.Request.RawUrl;
        path = path.Substring(0, path.IndexOf("?"));
        path = path.Substring(path.LastIndexOf("/") + 1);
        return path;
    }
    ///

    /// Parses a URL and returns the query string.
    ///

    /// The URL to parse.
    /// The query string without the question mark.
    private static string ExtractQuery(string url)
    {
        int index = url.IndexOf("?") + 1;
        return url.Substring(index);
    }
    #region Encryption/decryption
    ///

    /// The salt value used to strengthen the encryption.
    ///

    private readonly static byte[] SALT = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString());
    ///

    /// Encrypts any string using the Rijndael algorithm.
    ///

    /// The string to encrypt.
    /// A Base64 encrypted string.
    private static string Encrypt(string inputText)
    {
        RijndaelManaged rijndaelCipher = new RijndaelManaged();
        byte[] plainText = Encoding.Unicode.GetBytes(inputText);
        PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);
        using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16)))
        {
            using (MemoryStream memoryStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(plainText, 0, plainText.Length);
                    cryptoStream.FlushFinalBlock();
                    return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray());
                }
            }
        }
    }
    ///

    /// Decrypts a previously encrypted string.
    ///

    /// The encrypted string to decrypt.
    /// A decrypted string.
    private static string Decrypt(string inputText)
    {
        RijndaelManaged rijndaelCipher = new RijndaelManaged();
        byte[] encryptedData = Convert.FromBase64String(inputText);
        PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);
        using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
        {
            using (MemoryStream memoryStream = new MemoryStream(encryptedData))
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                {
                    byte[] plainText = new byte[encryptedData.Length];
                    int decryptedCount = cryptoStream.Read(plainText, 0, plainText.Length);
                    return Encoding.Unicode.GetString(plainText, 0, decryptedCount);
                }
            }
        }
    }
    #endregion
}

Re: encrypt URL data

Thanks Mahmoud, I apprciate your help. can you send me a sample code to use the class.

bob

Re: encrypt URL data

u welcome Friend .. oh i sent it above ... copy that code at CS File and put it inside ur AppCode Folder .. and then Call the this Class at any Page CS ..

Re: encrypt URL data

and add these lines to your web config file

<system.web>

<httpModules>
< add type = " QueryStringModule " name = " QueryStringModule " />
</httpModules>

</system.web>

Re: encrypt URL data

you can encode data for use in a querystring like this:

Dim qs As String =
"this is a querystring"
        Dim encodedQs As String = HttpUtility.UrlEncode(qs)

Its important to be aware though that urlencoding your data does not in any way prevent that data from being tampered with / changed by the user.

if you need to use the querystring and want to make sure the data is not tampered with, you might consider the technique in this article: http://aspnet.4guysfromrolla.com/articles/083105-1.aspx

http://www.4guysfromrolla.com/webtech/012000-1.shtml

The process of encrypting the data will also render the data illegible for your users - effectively hiding its value