发表新帖
发表新帖

How can you secure/encrypt your querystring in asp.net?

前端 未结
关注
4 653
鱼传尺愫
鱼传尺愫 2021-01-21 01:56

I was wondering how you could encrypt/decrypt your querystring in a simple asp.net page? some values need to be passed between different pages but the querystring cannot be chan

相关标签:
4条回答
  • 南笙
    2021-01-21 02:04

    I needed to do this and just for reference this was my chosen solution.

    Use a HTTPModule to encrypt and decrypt. Then just put the module in the web.config.

    Found it here: https://madskristensen.net/blog/httpmodule-for-query-string-encryption/

    From the article:

    What we need is an HttpModule that can turn the encrypted query string into a normal readable one, so that we can still use our old logic like Request.QueryString["user"]. In other words, we want the user to see this

    ?enc=VXzal017xHwKKPolDWQJoLACDqQ0fE//wGkgvRTdG/GgXIBDd1

    while your code sees this

    ?user=123&account=456.

    Sample code in the article has the module you would add.

    0 讨论(0)
  • 野趣味
    2021-01-21 02:06

    How about adding the value you need to the Viewstate? Viewstate can encrypted and validated for you.

    ViewState["myKey"] = "myValue";

    and then later

    string myValue = ViewState["myKey"]

    To enable encryption:

    <%@Page ViewStateEncryptionMode="Always" %>

    or

    <configuration>
   <system.web>
      <pages ViewStateEncryptionMode="Always" />
   </system.web>
</configuration>
    0 讨论(0)
  • 感动是毒
    2021-01-21 02:09

    Here is a project that will show you how to do symmetric encryption. http://www.codeproject.com/KB/security/SimpleEncryption.aspx

    Dare I mention this, because it will create significant overhead, but you can post your information in the view state and use cross page posts to pass the information around:

    http://www.velocityreviews.com/forums/t119789-view-state-in-previous-page-using-cross-page-postback.html

    0 讨论(0)
  • 面向向阳花
    2021-01-21 02:27

    You'll have to encrypt it manually using one of the .Net encryptions. Really this isn't what the query string is for. If you don't want the users to be able to access it, you should find a different way of passing it between pages.

    Here is a project that will show you how to do symmetric encryption. http://www.codeproject.com/KB/security/SimpleEncryption.aspx

    Dare I mention this, because it will create significant overhead, but you can post your information in the view state and use cross page posts to pass the information around:

    http://www.velocityreviews.com/forums/t119789-view-state-in-previous-page-using-cross-page-postback.html

    0 讨论(0)
 看不清?
提交回复
热议问题