Encrypt Query String including keys

后端 未结 2 1551
难免孤独
难免孤独 2020-12-05 06:01

I have an app that is using query string to pass some values around pages. I found few examples on how to encrypt values in query string, but the problem is that my KEYS tel

相关标签:
2条回答
  • 2020-12-05 06:25

    There is one issue that many of the references above overlook, and that is just prior to returning the encrypted string, URL Encode (see below right before the string is returned). I am using IIS 7.5, and it will automatically "Decode" the string for you, so the decryption "should" be OK. Both the Encrypt and Decrypt code is shown below.

    public string EncryptQueryString(string inputText, string key, string salt)
    {
        byte[] plainText = Encoding.UTF8.GetBytes(inputText);
    
        using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
        {
            PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));
            using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
            {
                using (MemoryStream memoryStream = new MemoryStream())
                {
                    using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                    {
                        cryptoStream.Write(plainText, 0, plainText.Length);
                        cryptoStream.FlushFinalBlock();
                        string base64 = Convert.ToBase64String(memoryStream.ToArray());
    
                        // Generate a string that won't get screwed up when passed as a query string.
                        string urlEncoded = HttpUtility.UrlEncode(base64);
                        return urlEncoded;
                    }
                }
            }
        }
    }
    
    public string DecryptQueryString(string inputText, string key, string salt)
            {
                byte[] encryptedData = Convert.FromBase64String(inputText);
                PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));
    
                using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
                {
                    using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
                    {
                        using (MemoryStream memoryStream = new MemoryStream(encryptedData))
                        {
                            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                            {
                                byte[] plainText = new byte[encryptedData.Length];
                                cryptoStream.Read(plainText, 0, plainText.Length);
                                string utf8 = Encoding.UTF8.GetString(plainText);
                                return utf8;
                            }
                        }
                    }
                }
            }
    
    0 讨论(0)
  • 2020-12-05 06:41

    There are many examples on web.

    some of them:

    How can I encrypt a querystring in asp.net?

    how to pass encrypted query string in asp.net

    http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings

    http://www.keyvan.ms/how-to-encrypt-query-string-parameters-in-asp-net

    http://forums.asp.net/t/989552.aspx/1

    Now you say that you do like to encrypt the keys also, actually what you have to do is to encrypt them all url line, and then you just read the RawUrl what after the ? and decrypt it.

    0 讨论(0)
提交回复
热议问题