Posted 12 Aug 2013
Licenced CPOL

Encrypt and Decrypt data

Encrypt data before sending via QueryString and decrypt upon reception in the target page.

Introduction 

In web applications it is quite common to send values using the QueryString, for instance displaying records as hyperlinks that, on click, redirect to a new page with more information about the record. This requires passing unique information about the record, such as database IDs and primary/foreign key values, in plain text, which makes the web application vulnerable to attackers.

It is advised to give the QueryString property an irrelevant name rather than, for example, EmpID, which tells an attacker that we are passing an Employee ID. Encrypting the value when sending it and decrypting it on the receiving page will make it difficult for attackers.

Below are two reusable methods that can be used to encrypt data before sending it via the QueryString and to decrypt it upon reception in the target page.

Using the code

Add the following code in some common CS file like Util.cs:
// Namespaces
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

// Class name follows the Util.cs file name suggested above
public static class Util
{
    // Declare the below (static, because the static methods use them)
    static TripleDESCryptoServiceProvider cryptDES3 = new TripleDESCryptoServiceProvider();
    static MD5CryptoServiceProvider cryptMD5Hash = new MD5CryptoServiceProvider();
    static string key = "SomeKeyValue";

    public static string Encrypt(string text)
    {
        // The 16-byte MD5 hash of the key string becomes the TripleDES key
        cryptDES3.Key = cryptMD5Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
        // ECB mode uses no IV, so the same input always produces the same output
        cryptDES3.Mode = CipherMode.ECB;
        ICryptoTransform desdencrypt = cryptDES3.CreateEncryptor();
        byte[] buff = ASCIIEncoding.ASCII.GetBytes(text);
        string encrypted = Convert.ToBase64String(desdencrypt.TransformFinalBlock(buff, 0, buff.Length));
        // "+" is decoded as a space in a query string, so it is sent as "!"
        return encrypted.Replace("+", "!");
    }

    public static string Decrypt(string text)
    {
        // Restore the "+" characters that Encrypt replaced with "!"
        text = text.Replace("!", "+");
        cryptDES3.Key = cryptMD5Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
        cryptDES3.Mode = CipherMode.ECB;
        ICryptoTransform desdencrypt = cryptDES3.CreateDecryptor();
        byte[] buf = Convert.FromBase64String(text);
        return ASCIIEncoding.ASCII.GetString(desdencrypt.TransformFinalBlock(buf, 0, buf.Length));
    }
}
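
Added example, not the author's code: the methods above use TripleDES in ECB mode, which is deterministic (the same ID always yields the same token) and has no integrity check, so this version swaps in AES-GCM to give a fresh token on every call and to reject a token that was modified or moved to a different parameter. It assumes .NET 8 or later and a 32-byte random key loaded from protected configuration; `QueryStringProtector`, `Protect` and `TryUnprotect` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical class): AES-GCM token for one query-string value.
public static class QueryStringProtector
{
    const int NonceSize = 12, TagSize = 16;   // AES-GCM nonce and tag sizes in bytes
    // key: 32 random bytes from protected configuration (assumption), not a string in source.
    // paramName is authenticated but not encrypted, so a token issued for one
    // parameter fails verification when it is submitted under another name.
    public static string Protect(byte[] key, string paramName, string value)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);   // fresh for every token
        byte[] plain = Encoding.UTF8.GetBytes(value);
        byte[] cipher = new byte[plain.Length];
        byte[] tag = new byte[TagSize];
        using (var gcm = new AesGcm(key, TagSize))
            gcm.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(paramName));

        // Token layout: nonce || tag || ciphertext, as URL-safe Base64 without padding
        byte[] token = new byte[NonceSize + TagSize + cipher.Length];
        Buffer.BlockCopy(nonce, 0, token, 0, NonceSize);
        Buffer.BlockCopy(tag, 0, token, NonceSize, TagSize);
        Buffer.BlockCopy(cipher, 0, token, NonceSize + TagSize, cipher.Length);
        return Convert.ToBase64String(token).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Returns false for a missing, malformed, modified or wrongly keyed token instead of throwing.
    public static bool TryUnprotect(byte[] key, string paramName, string token, out string value)
    {
        value = null;
        try
        {
            string b64 = (token ?? "").Replace('-', '+').Replace('_', '/');
            byte[] raw = Convert.FromBase64String(b64.PadRight((b64.Length + 3) / 4 * 4, '='));
            if (raw.Length < NonceSize + TagSize) return false;
            byte[] nonce = raw.AsSpan(0, NonceSize).ToArray();
            byte[] tag = raw.AsSpan(NonceSize, TagSize).ToArray();
            byte[] cipher = raw.AsSpan(NonceSize + TagSize).ToArray();
            byte[] plain = new byte[cipher.Length];
            using (var gcm = new AesGcm(key, TagSize))
                gcm.Decrypt(nonce, cipher, tag, plain, Encoding.UTF8.GetBytes(paramName));
            value = Encoding.UTF8.GetString(plain);
            return true;
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException) { return false; }
    }
}
```

The receiving page still has to check that the current user is allowed to see the record once the value has been decrypted.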

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Srinivas Kalabarigi
Program Manager
India

Comments and Discussions

General: My vote of 1
1337Architect, 5-Oct-14 11:18

General: My vote of 5
Christopher Sommers, 12-Aug-13 9:12

Question: No!!!!
Axel Rietschin, 12-Aug-13 7:11

Last Updated 12 Aug 2013
Article Copyright 2013 by Srinivas Kalabarigi