65.9K
CodeProject is changing. Read more.
Home

Encrypt and Decrypt data

Srinivas Kalabarigi
starIconstarIconstarIcon
emptyStarIcon
starIcon
emptyStarIcon

3.40/5 (3 votes)

Aug 12, 2013

CPOL
viewsIcon

27846

Encrypt data before sending via QueryString and decrypt upon reception in the target page.

Introduction 

In web applications it is quite common to send values using QuerySting for instance displaying records as hyperlinks and on click it redirects to new page with mode information about the record. This requires passing unique information about the record like database IDs, primary/foreign key values, etc. in plain text which makes the web application vulnerable to attackers.

It is advised to name the QueryString property with irrelevant name rather than saying for example EmpID, which makes attacker understand that we are passing Employee ID. And encrypt the value while sending and decrypt it at receiving page will make it difficult for attackers.  

The below are two reusable methods that can be used to encrypt data before sending via QueryString and decrypt upon reception in the target page.

Using the code

Add the following code in in some common CS file like Util.cs:
//Namespace
using System.Web.Security;
using System.Security.Cryptography;
//Declare the below
TripleDESCryptoServiceProvider cryptDES3 = new TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider cryptMD5Hash = new MD5CryptoServiceProvider();
string key = "SomeKeyValue";

public static string Encrypt(string text)
{
    cryptDES3.Key = cryptMD5Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
    cryptDES3.Mode = CipherMode.ECB;
    ICryptoTransform desdencrypt = cryptDES3.CreateEncryptor();
    byte[] buff = ASCIIEncoding.ASCII.GetBytes(text);
    string Encrypt = Convert.ToBase64String(desdencrypt.TransformFinalBlock(buff, 0, buff.Length));
    Encrypt = Encrypt.Replace("+", "!");
    return Encrypt;
} 
public static string Decypt(string text)
{
    text = text.Replace("!", "+");
    byte[] buf = new byte[text.Length];
    cryptDES3.Key = cryptMD5Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
    cryptDES3.Mode = CipherMode.ECB;
    ICryptoTransform desdencrypt = cryptDES3.CreateDecryptor();
    buf = Convert.FromBase64String(text);
    string Decrypt = ASCIIEncoding.ASCII.GetString(desdencrypt.TransformFinalBlock(buf, 0, buf.Length));
    return Decrypt;
}