How to encrypt query string parameters in ASP.NET?


Hi

Here are a few steps to encrypt the query string in ASP.NET.

Step 1: Create a class file in App_Code.

Step 2: Put this code in that class:

using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Web;

/// <summary>
/// HTTP module that transparently encrypts and decrypts the query string.
/// </summary>
public class QueryStringModule : IHttpModule
{
    // private ILog m_Logger = LogManager.GetLogger(typeof(QueryStringModule));

    #region IHttpModule Members

    public void Dispose()
    {
        // Nothing to dispose
    }

    public void Init(HttpApplication context)
    {
        context.BeginRequest += new EventHandler(context_BeginRequest);
    }

    #endregion

    private const string PARAMETER_NAME = "enc=";

    // Placeholder value: use a long random secret kept outside the source code
    // (for example in a protected configuration section).
    private const string ENCRYPTION_KEY = "key";

    void context_BeginRequest(object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;
        string query = string.Empty;
        string path = string.Empty;

        try
        {
            if (context.Request.Url.OriginalString.Contains("aspx") && context.Request.RawUrl.Contains("?"))
            {
                query = ExtractQuery(context.Request.RawUrl);
                path = GetVirtualPath();

                if (query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase))
                {
                    // Decrypts the query string and rewrites the path.
                    // Strip only the leading "enc=" prefix; Replace() would also remove
                    // an "enc=" sequence that happens to occur inside the Base64 data.
                    string rawQuery = query.Substring(PARAMETER_NAME.Length);
                    string decryptedQuery = Decrypt(rawQuery);
                    context.RewritePath(path, string.Empty, decryptedQuery);
                }
                else if (context.Request.HttpMethod == "GET")
                {
                    // Encrypts the query string and redirects to the encrypted URL.
                    // Remove if you don't want all query strings to be encrypted automatically.
                    string encryptedQuery = Encrypt(query);
                    context.Response.Redirect(path + encryptedQuery, false);
                }
            }
        }
        catch (Exception ex)
        {
            // m_Logger.Error("An error occurred while parsing the query string in the URL: " + path, ex);
            context.Response.Redirect("~/Home.aspx");
        }
    }

    /// <summary>
    /// Parses the current URL and extracts the virtual path without query string.
    /// </summary>
    /// <returns>The virtual path of the current URL.</returns>
    private static string GetVirtualPath()
    {
        string path = HttpContext.Current.Request.RawUrl;
        path = path.Substring(0, path.IndexOf("?"));
        path = path.Substring(path.LastIndexOf("/") + 1);
        return path;
    }

    /// <summary>
    /// Parses a URL and returns the query string.
    /// </summary>
    /// <param name="url">The URL to parse.</param>
    /// <returns>The query string without the question mark.</returns>
    private static string ExtractQuery(string url)
    {
        int index = url.IndexOf("?") + 1;
        return url.Substring(index);
    }

    #region Encryption/decryption

    /// <summary>
    /// The salt value passed to the key derivation. It is derived from the key
    /// length, so it is constant and adds no secrecy of its own.
    /// </summary>
    private readonly static byte[] SALT = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString());

    /// <summary>
    /// Encrypts any string using the Rijndael algorithm.
    /// </summary>
    /// <param name="inputText">The string to encrypt.</param>
    /// <returns>A Base64 encrypted string.</returns>
    private static string Encrypt(string inputText)
    {
        byte[] plainText = Encoding.Unicode.GetBytes(inputText);

        // PasswordDeriveBytes (PBKDF1-based) is superseded by Rfc2898DeriveBytes.
        // Key and IV both come from the constant key and salt, so the same query
        // string always produces the same ciphertext, and the ciphertext carries
        // no integrity check.
        PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);

        using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
        using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
        using (MemoryStream memoryStream = new MemoryStream())
        using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
        {
            cryptoStream.Write(plainText, 0, plainText.Length);
            cryptoStream.FlushFinalBlock();
            return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray());
        }
    }

    /// <summary>
    /// Decrypts a previously encrypted string.
    /// </summary>
    /// <param name="inputText">The encrypted string to decrypt.</param>
    /// <returns>A decrypted string.</returns>
    private static string Decrypt(string inputText)
    {
        byte[] encryptedData = Convert.FromBase64String(inputText);
        PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);

        using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
        using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
        using (MemoryStream memoryStream = new MemoryStream(encryptedData))
        using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
        using (MemoryStream plainText = new MemoryStream())
        {
            // Read to the end of the stream; a single Read call may return fewer bytes.
            cryptoStream.CopyTo(plainText);
            return Encoding.Unicode.GetString(plainText.ToArray());
        }
    }

    #endregion
}

Step 3: Register the module in web.config like this:

<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpModules>
      <add type="QueryStringModule" name="QueryStringModule"/>
    </httpModules>
  </system.web>
</configuration>

 

Now, when a parameter is passed, its value appears in the URL in encrypted form.

There is no need to call the class from your pages. It is one of the easiest methods to encrypt the query string.

I hope this will help someone.
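The module above derives both key and IV from a constant password and salt, so identical query strings always encrypt to the same value and a modified ciphertext is not detected before decryption. As an added example (not part of the original post), the class below uses a fresh random IV per token and an HMAC-SHA256 tag that is verified before anything is decrypted; the name QueryStringProtector and the encKey/macKey parameters are assumptions, standing for two independent random 32-byte keys loaded from protected configuration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example, not the post's code. encKey and macKey are assumed to be two
// independent random 32-byte keys loaded from protected configuration.
public static class QueryStringProtector
{
    private const int IvSize = 16, TagSize = 32;

    public static string Protect(string query, byte[] encKey, byte[] macKey)
    {
        using (Aes aes = Aes.Create())              // AES-CBC with PKCS7 padding by default
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV();                       // fresh random IV for every token
            byte[] plain = Encoding.UTF8.GetBytes(query);
            byte[] body;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                body = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
            byte[] token = body.Concat(hmac.ComputeHash(body)).ToArray(); // IV || ciphertext || tag
            // URL-safe Base64 so the token survives in a query string unchanged.
            return Convert.ToBase64String(token).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }
    }

    // Returns null for any malformed or modified token; decrypts only after the tag verifies.
    public static string Unprotect(string token, byte[] encKey, byte[] macKey)
    {
        string b64 = (token ?? "").Replace('-', '+').Replace('_', '/');
        byte[] data;
        try { data = Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=')); }
        catch (FormatException) { return null; }
        int bodyLen = data.Length - TagSize;
        if (bodyLen < IvSize + 16) return null;     // IV plus at least one cipher block
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(data, 0, bodyLen);
            int diff = 0;                           // constant-time tag comparison
            for (int i = 0; i < TagSize; i++) diff |= expected[i] ^ data[bodyLen + i];
            if (diff != 0) return null;
        }
        using (Aes aes = Aes.Create())
        using (ICryptoTransform dec = aes.CreateDecryptor(encKey, data.Take(IvSize).ToArray()))
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(data, IvSize, bodyLen - IvSize));
    }
}
```

In the module, Protect would take the place of Encrypt and Unprotect the place of Decrypt, with a null result handled the same way as the existing catch block. Encrypting parameters hides and tamper-proofs them but does not decide who may see a record, so the page still needs its own authorization check on the decrypted values.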
