Click here to Skip to main content
15,887,416 members
Search within:


Articles / Web Development / ASP.NET
 
Tip/Trick

Encrypt and Decrypt data

Rate me:
Please Sign up or sign in to vote.
3.40/5 (3 votes)
12 Aug 2013CPOL 27.4K   4   3
Encrypt data before sending via QueryString and decrypt upon reception in the target page.

Introduction 

In web applications it is quite common to send values using QuerySting for instance displaying records as hyperlinks and on click it redirects to new page with mode information about the record. This requires passing unique information about the record like database IDs, primary/foreign key values, etc. in plain text which makes the web application vulnerable to attackers.

It is advised to name the QueryString property with irrelevant name rather than saying for example EmpID, which makes attacker understand that we are passing Employee ID. And encrypt the value while sending and decrypt it at receiving page will make it difficult for attackers.  

The below are two reusable methods that can be used to encrypt data before sending via QueryString and decrypt upon reception in the target page.

Using the code

Add the following code in in some common CS file like Util.cs:
C#
//Namespace
using System.Web.Security;
using System.Security.Cryptography;
//Declare the below
TripleDESCryptoServiceProvider cryptDES3 = new TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider cryptMD5Hash = new MD5CryptoServiceProvider();
string key = "SomeKeyValue";
C#
public static string Encrypt(string text)
{
    cryptDES3.Key = cryptMD5Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
    cryptDES3.Mode = CipherMode.ECB;
    ICryptoTransform desdencrypt = cryptDES3.CreateEncryptor();
    byte[] buff = ASCIIEncoding.ASCII.GetBytes(text);
    string Encrypt = Convert.ToBase64String(desdencrypt.TransformFinalBlock(buff, 0, buff.Length));
    Encrypt = Encrypt.Replace("+", "!");
    return Encrypt;
} 
C#
public static string Decypt(string text)
{
    text = text.Replace("!", "+");
    byte[] buf = new byte[text.Length];
    cryptDES3.Key = cryptMD5Hash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
    cryptDES3.Mode = CipherMode.ECB;
    ICryptoTransform desdencrypt = cryptDES3.CreateDecryptor();
    buf = Convert.FromBase64String(text);
    string Decrypt = ASCIIEncoding.ASCII.GetString(desdencrypt.TransformFinalBlock(buf, 0, buf.Length));
    return Decrypt;
}

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Srinivas Kalabarigi
Program Manager
India India
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

 
First Prev Next
GeneralMy vote of 1 Pin
1337Architect5-Oct-14 11:18
professional1337Architect5-Oct-14 11:18 
GeneralMy vote of 5 Pin
Christopher Sommers12-Aug-13 9:12
Christopher Sommers12-Aug-13 9:12 
QuestionNo!!!! Pin
Axel Rietschin12-Aug-13 7:11
professionalAxel Rietschin12-Aug-13 7:11 
Using a MD5 of the password as key is horrible. Use for example System.Security.Cryptography.Rfc2898DeriveBytes for that!
Axel Rietschin
http://www.fastpictureviewer.com
Last Visit: 31-Dec-99 18:00     Last Update: 27-Apr-24 22:11Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 12 Aug 2013

Article Copyright 2013 by Srinivas Kalabarigi
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-04-02:1