<%@ Page Language="VB" %>
<script runat="server">
'Secret key from which the MAC key is derived. The literal below is a sample placeholder:
'anyone who knows this value can produce strings that pass verification, so replace it
'with a long random value and keep it out of the page source (for example in web.config).
Private TamperProofKey As String = "YourUglyRandomKeyLike-lkj54923c478"
'or ... TamperProofKey As String = ConfigurationSettings.AppSettings("TamperProofKey")
'(on .NET 2.0 and later the non-obsolete form is ConfigurationManager.AppSettings)
'On a fresh (non-postback) request, verifies the "Data" query-string value and shows
'either the decoded text or a fixed placeholder message in the ShowData text box.
'NOTE(review): the token carries no expiry or user binding in this sample, so a link that
'verified once keeps verifying for anyone who has it.
Sub Page_Load(ByVal source As Object, ByVal e As EventArgs)
    'A postback is the Submit button; Submit_Click redirects back here as a plain GET
    If IsPostBack() Then
        Exit Sub
    End If

    Dim encoded As String = Request.QueryString("Data")
    Dim shown As String
    If encoded Is Nothing Then
        'Nothing was passed in the query string
        shown = "!!No data passed!!"
    Else
        Try
            'Decode and verify the query string data
            shown = TamperProofStringDecode(encoded, TamperProofKey)
            'Or with the simplified helper function
            'shown = QueryStringDecode(encoded)
        Catch ex As Exception
            'Verification failed: the value was altered, truncated or never issued by this page
            shown = "!!Data was corrupt!!"
        End Try
    End If

    'Show data on web page
    ShowData.Text = shown
End Sub
'Handles the Submit button: signs the text typed into InputData and reloads this page
'with the resulting token in the "Data" query-string parameter.
'NOTE(review): this sample signs whatever the visitor types, so the page issues a valid
'token for any string. In a real application sign only values the server itself chose.
Sub Submit_Click(source as object, e as eventargs)
    Dim token As String = TamperProofStringEncode(InputData.Text, TamperProofKey)
    'The token is Base64 text and can contain "+", "/" and "=", so it is URL-encoded here
    Dim target As String = "TamperProofQueryString.aspx?Data=" & HttpUtility.UrlEncode(token)
    'or with the simplified helper function:
    'target = "TamperProofQueryString.aspx?Data=" & QueryStringEncode(InputData.Text)
    Response.Redirect(target)
End Sub
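'Builds a tamper-evident token: Base64(UTF-8 of value) & "-" & Base64(MAC of the same bytes).
'value: the text to protect.
'key:   the shared secret; its MD5 digest is used as the MACTripleDES key.
'Returns the token. It can contain "+", "/" and "=", so URL-encode it before putting it
'in a query string.
'NOTE: the value is only Base64-encoded, not encrypted - anyone holding the token can read it.
'NOTE(review): MD5 key derivation and the 64-bit MACTripleDES tag are legacy choices. Moving
'to an HMAC-SHA-2 construction changes the token format, so the encode and decode functions
'would have to be changed together.
Function TamperProofStringEncode(ByVal value As String, ByVal key As String) As String
    'Encode once and reuse the bytes for both the payload and the MAC
    Dim valueBytes As Byte() = System.Text.Encoding.UTF8.GetBytes(value)
    'Using disposes the crypto providers deterministically instead of leaving them to the GC
    Using md5 As New System.Security.Cryptography.MD5CryptoServiceProvider()
        Using mac3des As New System.Security.Cryptography.MACTripleDES()
            mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key))
            Return Convert.ToBase64String(valueBytes) & "-"c & Convert.ToBase64String(mac3des.ComputeHash(valueBytes))
        End Using
    End Using
End Function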
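'Verifies a token of the form Base64(data) & "-" & Base64(MAC) and returns the data as text.
'value: the token (already URL-decoded).
'key:   the same secret that was used to build the token.
'Throws ArgumentException("Invalid TamperProofString") for every verification failure
'(missing value, malformed Base64, wrong number of parts, MAC mismatch), so the caller
'cannot tell the failure modes apart.
'NOTE(review): MD5 key derivation and the 64-bit MACTripleDES tag are legacy choices; they
'are kept here because changing them would invalidate tokens that were already issued.
Function TamperProofStringDecode(ByVal value As String, ByVal key As String) As String
    Dim dataValue As String = ""
    Using md5 As New System.Security.Cryptography.MD5CryptoServiceProvider()
        Using mac3des As New System.Security.Cryptography.MACTripleDES()
            mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key))
            Try
                'Base64 never contains "-", so a well-formed token splits into exactly two parts
                Dim parts As String() = value.Split("-"c)
                If parts.Length <> 2 Then
                    Throw New ArgumentException("Token must have exactly two parts")
                End If
                Dim dataBytes As Byte() = Convert.FromBase64String(parts(0))
                Dim storedMac As Byte() = Convert.FromBase64String(parts(1))
                'MAC the exact bytes that were received, not a re-encoded copy of the decoded text
                Dim calcMac As Byte() = mac3des.ComputeHash(dataBytes)

                'Compare the raw MAC bytes. Decoding a MAC as UTF-8 text maps every invalid byte
                'sequence to U+FFFD, so two different MACs could compare equal as strings.
                'The loop always visits every byte, so timing does not show where a mismatch is.
                Dim diff As Integer = storedMac.Length Xor calcMac.Length
                For i As Integer = 0 To Math.Min(storedMac.Length, calcMac.Length) - 1
                    diff = diff Or (storedMac(i) Xor calcMac(i))
                Next
                If diff <> 0 Then
                    'Data was corrupted; caught just below and reported with the generic message
                    Throw New ArgumentException("Hash value does not match")
                End If

                'Only decode the payload to text after the MAC has been verified
                dataValue = System.Text.Encoding.UTF8.GetString(dataBytes)
            Catch ex As Exception
                Throw New ArgumentException("Invalid TamperProofString")
            End Try
        End Using
    End Using
    Return dataValue
End Function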
'Two helper functions to make things easier.
'Helper: builds the token for value with the page-level TamperProofKey and URL-encodes it,
'so the result can be appended directly to a query string.
Function QueryStringEncode(ByVal value As String) As String
    Dim token As String = TamperProofStringEncode(value, TamperProofKey)
    Return HttpUtility.UrlEncode(token)
End Function
'Helper: verifies a token with the page-level TamperProofKey and returns the decoded text.
'Pass the value as read from Request.QueryString (already URL-decoded).
'Any exception raised by TamperProofStringDecode propagates to the caller.
Function QueryStringDecode(ByVal value As String) As String
    Dim decoded As String = TamperProofStringDecode(value, TamperProofKey)
    Return decoded
End Function
</script>
<html>
<head>
</head>
<body>
<form runat="server">
<b>Data received from query string:</b>
<br />
<asp:TextBox id="ShowData" runat="server" ReadOnly="True" TextMode="MultiLine" Rows="2" Columns="80"></asp:TextBox>
<br />
<br />
<b>Enter data to be transmitted by query string:</b>
<br />
<asp:TextBox id="InputData" runat="server" Text="Test Data"></asp:TextBox>
<asp:Button id="Submit" onclick="Submit_Click" runat="server" Text="Submit"></asp:Button>
<br />
<br />
<!-- how to use as hyperlink -->
<a href='TamperProofQueryString.aspx?Data=<%= HttpUtility.UrlEncode(TamperProofStringEncode("This data was stored in the hyperlink.", TamperProofKey)) %>'>HyperLink With Predefined Data</a><br/>
<a href='TamperProofQueryString.aspx?Data=<%= QueryStringEncode("Different set of data. Using helper function.") %>'>HyperLink With Predefined Data (using helper function)</a>
</form>
</body>
</html>