Thursday, February 18, 2010

Encrypting Querystring Parameters

I implemented some routines to encrypt/decrypt a querystring parameter using a symmetric key over Base64. This is based off the following article:

http://devcity.net/Articles/47/1/encrypt_querystring.aspx

Below are the specific places where this was implemented.

  1. Namespace: Something.Data

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Text;
    using System.Security.Cryptography;

    namespace Something.Web
    {
    public class Encryption64
    {
    //private byte[] key = {};
    //private byte[] IV = {10, 20, 30, 40, 50, 60, 70, 80}; // it can be any byte value
    public string Decrypt(string stringToDecrypt, string sEncryptionKey)
    {
    byte[] key = { };
    byte[] IV = { 10, 20, 30, 40, 50, 60, 70, 80 };
    byte[] inputByteArray = new byte[stringToDecrypt.Length];
    try
    {
    key = Encoding.UTF8.GetBytes(sEncryptionKey.Substring(0, 8));
    DESCryptoServiceProvider des = new DESCryptoServiceProvider();
    inputByteArray = Convert.FromBase64String(stringToDecrypt);
    MemoryStream ms = new MemoryStream();
    CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write);
    cs.Write(inputByteArray, 0, inputByteArray.Length);
    cs.FlushFinalBlock();
    Encoding encoding = Encoding.UTF8;
    return encoding.GetString(ms.ToArray());
    }
    catch (System.Exception ex)
    {
    throw ex;
    }
    }
    public string Encrypt(string stringToEncrypt, string sEncryptionKey)
    {
    byte[] key = { };
    byte[] IV = { 10, 20, 30, 40, 50, 60, 70, 80 };
    byte[] inputByteArray; //Convert.ToByte(stringToEncrypt.Length)
    try
    {
    key = Encoding.UTF8.GetBytes(sEncryptionKey.Substring(0, 8));
    DESCryptoServiceProvider des = new DESCryptoServiceProvider();
    inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt);
    MemoryStream ms = new MemoryStream();
    CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write);
    cs.Write(inputByteArray, 0, inputByteArray.Length);
    cs.FlushFinalBlock();
    return Convert.ToBase64String(ms.ToArray());
    }
    catch (System.Exception ex)
    {
    throw ex;
    }
    }
    }
    }

  2. Something.Common.SessionConst class (complied into its own Dll)

    public const string IAteByte = "!#$a54?3";

  3. SomethingWebsite.App_Code.QuerystringProtect.cs

    using System;
    using System.Web;
    using Immunization.Common;
    using Immunization.Web;
    ///
    /// Summary description for QuerystringProtect
    ///
    public static class QuerystringProtect
    {
    public static string EncryptQueryString(string strQueryString)
    {
    Encryption64 e64 = new Encryption64();
    return e64.Encrypt(strQueryString, SessionConst.IAteByte);
    }
    public static string DecryptQueryString(string strQueryString)
    {
    Encryption64 e64 = new Encryption64();
    return e64.Decrypt(strQueryString, SessionConst.IAteByte);
    }
    }

  4. Encrypt querystring in URL - ASPX code-behind:

    btnDoc.NavigateUrl += QuerystringProtect.EncryptQueryString(someObject.objectId.ToString());

  5. Decrypt querystring - ASPX code-behind Page_Load()


    if (Request.QueryString["params"] != null)
    {
    string qs = Request.QueryString["params"];
    string deCrypt = QuerystringProtect.DecryptQueryString(qs.Replace(" ", "+"));
    }

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)