Click here to Skip to main content
Click here to Skip to main content

Encrypt and Decrypt data

, 12 Aug 2013
Rate this:
Please Sign up or sign in to vote.
Encrypt data before sending via QueryString and decrypt upon reception in the target page.

Introduction 

In web applications it is quite common to send values using QuerySting for instance displaying records as hyperlinks and on click it redirects to new page with mode information about the record. This requires passing unique information about the record like database IDs, primary/foreign key values, etc. in plain text which makes the web application vulnerable to attackers.

It is advised to name the QueryString property with irrelevant name rather than saying for example EmpID, which makes attacker understand that we are passing Employee ID. And encrypt the value while sending and decrypt it at receiving page will make it difficult for attackers.  

The below are two reusable methods that can be used to encrypt data before sending via QueryString and decrypt upon reception in the target page.

Using the code

Add the following code in in some common CS file like Util.cs:
//Namespace
using System.Web.Security;
using System.Security.Cryptography;
//Declare the below
TripleDESCryptoServiceProvider cryptDES3 = new TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider cryptMD5Hash = new MD5CryptoServiceProvider();
string key = "SomeKeyValue";
public static string Encrypt(string text)
{
    cryptDES3.Key = cryptMD5Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
    cryptDES3.Mode = CipherMode.ECB;
    ICryptoTransform desdencrypt = cryptDES3.CreateEncryptor();
    byte[] buff = ASCIIEncoding.ASCII.GetBytes(text);
    string Encrypt = Convert.ToBase64String(desdencrypt.TransformFinalBlock(buff, 0, buff.Length));
    Encrypt = Encrypt.Replace("+", "!");
    return Encrypt;
} 
public static string Decypt(string text)
{
    text = text.Replace("!", "+");
    byte[] buf = new byte[text.Length];
    cryptDES3.Key = cryptMD5Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
    cryptDES3.Mode = CipherMode.ECB;
    ICryptoTransform desdencrypt = cryptDES3.CreateDecryptor();
    buf = Convert.FromBase64String(text);
    string Decrypt = ASCIIEncoding.ASCII.GetString(desdencrypt.TransformFinalBlock(buf, 0, buf.Length));
    return Decrypt;
} 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Srinivas Kalabarigi
Software Developer (Senior)
India India

Around 8 years of software development experience and involved in analysis, design, development, testing and deployment of enterprise web applications for government, healthcare and banking domain with good exposure to object-oriented design, software architectures, design patterns, test-driven development and agile practices.

 
Educational Background
  • Post Graduation in Computer Science from Andhra University, India.
  • Graduation in Mathematics, Electronics and Computer Science from Andhra University, India.
  • Diploma in Software Technology from CMC Ltd., India.

Comments and Discussions

 
GeneralMy vote of 5 PinmemberChristopher Sommers12-Aug-13 9:12 
QuestionNo!!!! PinmemberAxel Rietschin12-Aug-13 7:11 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140814.1 | Last Updated 12 Aug 2013
Article Copyright 2013 by Srinivas Kalabarigi
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid