Last post Sep 18, 2009 10:29 AM by Rivelyn
May 17, 2009 03:13 PM|Rivelyn|LINK
Been digging around the web for a couple of days now and I am coming up a little short on finding some good info on how to work with url query string, encrypting and decrypting
For starters there are a lot of heavy security and over kill processes out there and my need is very simple, the encryption is really just to stop registered users from mucking
around with a url that has some basic information in it.
I am not protecting from hackers, so there is no need to implement https or other very secure procedures, even if a users does hack the url query string it’s not that big
of a deal.
I am using VB so I have been trying to find something simple in VB that will take a Url like so –
And create some mashed up form like -
Or something like that.
This is not really to protect query string information, it’s more to force a visitor to use the proper navigation system.
Any help would be great!
May 17, 2009 06:27 PM|Rivelyn|LINK
I came across this code that I have been mucking with for a bit and it seems to be what I am looking for, however I am getting intermitant errors.
key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
inputByteArray = Convert.FromBase64String(stringToDecrypt)
cs.Write(inputByteArray, 0, inputByteArray.Length)
key = System.Text.Encoding.UTF8.GetBytes(Left(SEncryptionKey, 8))
The error I am getting from time to time and not all of the time is this -
Invalid length for a Base-64 char array.
May 18, 2009 01:18 PM|Rivelyn|LINK
That was a simple issue, nothing more then needing to replace + with spaces in the encrypted query string.
Thanks everyone for you help... :-)
Jul 23, 2009 04:58 PM|pghcpa7|LINK
This was enormously helpful code to me. I searched forever to find something this straightforward. You saved me many hours.
I wanted to add something another reader might find useful. I needed to add URL encoding so that the encrypted string would be ready for transport over HTTP. To do this (in vb.net) I add a reference to System.Web and use the HTTPUtility.URLEncode class
to transform it into a string
strEncoded = HttpUtility.UrlEncode(strEncrypted)
So, the steps are:
1. Store a string of query parameters
2. Encrypt it using code above
3. Encode it with URLEncode
4. Send it through as query string (one string of apparently-random characters)
5. Receive it on the other side as one big query string
6. use HTTP.Utility.URLDecode to get it back to a regular string
6. Decrypt it using the code above
7. Write a routine to parse it out because you can't use Request.QueryString("AB") for this purpose. You have to come up with your own such as request_equerystring("AB"). Some code for this was written up in the following article on the subject that talks
about the process but I could not get their encrypt and decrypt to work out-of-the-box in vb.net.
In my application, the data I am passing can only be obtained using a windows.form because it uses local data that is not brower-accessible. There are plenty of examples of ASP to ASP querystring passing out there where you can use server.transfer. But,
this is the only simple-to-follow reference I could find to calling up a browser with encrypted query strings from vb.net (that worked on first try).
Encrypting the Information Passed From the Query String
If there's an easier way, I'd love to hear it, though this was pretty straight-forward and fast.
vb.net querystring encrypt
Sep 18, 2009 10:29 AM|Rivelyn|LINK
Sorry I just happen to glance at my previous posts, glad this could help.
I also added URLEncoding and URLDecoding to this but I added at page level instead of in the class.