Click here to Skip to main content
15,867,939 members
Articles / Web Development / ASP.NET
Article

Additional functionality for ASP.NET 2.0's CookieParameter

Rate me:
Please Sign up or sign in to vote.
3.33/5 (3 votes)
6 Nov 20042 min read 57.4K   15   6
This article addresses some missing functionality in ASP.NET 2.0's CookieParameter type, including getting a multi-valued cookie Key value and providing some HttpCookieEncryption support.

Introduction

The ASP.NET 2.0's CookieParameter is a good start to providing HTTP data directly to the DataSource controls, including SqlDataSource and the various other flavors.

However, in my opinion, there were two glaring omissions from the code, including the ability to extract a keyed value in a multi-valued cookie. (See HttpCookie.Values collection, providing a name-value pair grouping.)

Additionally, my last article introduced HttpCookieEncryption, a way to prevent tampering of cookie data. Note that the encryption provided via HttpCookieEncryption is only reasonably guaranteed to be tamper proof, but may be viewable, so again, sensitive data should still be stored in Session state or some kind of medium that does not get transmitted to the client.

Using the new and improved CookieParameter (CookieParameterEx)

Since the DataControl builders don't support adding new "Parameter" types to the dialog, we unfortunately have to resort to the Code editor to truly use the CookieParameterEx modifications. So, I'd recommend using the DataControl builder to specify the parameters and such, then manually change the CookieParameter references to CookieParameterEx.

So building on the HttpCookieEncryption (and doing a little fiddling because of a couple of type changes in ASP.NET 2.0), I'm introducing an extension to the CookieParameter.

CookieParameterEx, an extension to CookieParameter

CookieParameterEx subclasses the System.Web.UI.WebControls.CookieParameter type. It adds a few new constructor overloads, but most notably adds two new properties: Key and IsEncrypted.

The IsEncrypted property leverages HttpCookieEncryption.Decrypt to first decrypt the cookie, then be able to inspect the value or keyed-values of the cookie.

The Key property specifies that the cookie specified for CookieParameterEx.CookieName is a multi-valued cookie, and should look at one of the values, instead of the entire HttpCookie.Value.

The real work is done when DataSource controls (indirectly) call the control's Evaluate method:

C#
protected override object Evaluate(System.Web.HttpContext context, 
                              System.Web.UI.Control control)
{
    //defer to base if neither of the newer properties are set.
    if( this.CookieName == null && this.IsEncrypted==false )
        return base.Evaluate(context, control);

    HttpCookie cookie1 = context.Request.Cookies[this.CookieName];
    if (cookie1 == null)
    {
        return null;
    }

    // decrypt the cookie if the IsEncrypted flag is true.
    if (this.IsEncrypted)
    {
        HttpCookie cookie2 = HttpCookieEncryption.Decrypt(cookie1);

        // cookie2 will be null if the HexToString
        // can't "DeHex" the current value.
        // so only change to a non-null decrypted cookie.
        if (cookie2 != null) cookie1 = cookie2;
    }

    // use the Key 
    if (this.Key != null)
        return cookie1[this.Key];
    else
        return cookie1.Value;
}

We now have a tamper-secure cookie that can be used in DataSource controls.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
Web Developer
United States United States
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

 
QuestionHow to implement this extenison? Pin
abentov15-Oct-06 6:19
abentov15-Oct-06 6:19 
QuestionHow to use CookieParameterEx in aspx's pages? Pin
moonxp5-Jul-06 5:26
moonxp5-Jul-06 5:26 
Questionfull version 2.0 available? Pin
cliff hewett29-Dec-05 8:51
professionalcliff hewett29-Dec-05 8:51 
GeneralStyle Pin
Uwe Keim6-Nov-04 21:06
sitebuilderUwe Keim6-Nov-04 21:06 
GeneralRe: Style Pin
Eric Newton9-Nov-04 18:23
Eric Newton9-Nov-04 18:23 
GeneralRe: Style Pin
Uwe Keim9-Nov-04 19:07
sitebuilderUwe Keim9-Nov-04 19:07 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.