Last post Nov 19, 2008 07:49 AM by TATWORTH
Nov 14, 2008 05:56 AM|ShailAtlas|LINK
In my web site and I am passing QueryString parameters for almost every page. So a normal URL for my web site will look like this -
But later we found that a user can manipulate the QueryString and get information from Database which is not intended for him. So we designed a "Security" class for encrypting and decrypting QueryString parameters. It should be like this -
On the pages we have used FormView and other ASP.Net controls, And almost everypne is using "QueryStringParameter". They are working fine when I am not using Encryption and Decryption. But if now I want to use that, I need
to manipulate almost all the forms in my web site.
So I am thinking is there anyway I can write HTTPModules for encrypting and decrypting the QueryString ??
Something like pre and post processing of URL. Lets name the module as "EncryptModule" and "DecryptModule". I will attach these module in the HTTP Pipeline for pre and post processing of requests. These modules will encapsulate the logic of my "Security" class.
This will save me from modifying my pages to use Encrypted/Decrypted QueryString.
Does this make sense and is this is possible ( Here I am following a top-to-down approach )
Any thoughts or some one has done this before ?
Nov 14, 2008 08:13 AM|DarrellNorton|LINK
Try this article:
HttpModule for Query String Encryption
Nov 19, 2008 07:49 AM|TATWORTH|LINK
You could also look at: