Introduction
Once upon a time in the tech world, security is very important. This being most true in the early years of the industry, when there were gaping holes in privacy policies and confidential client information. With the new Cryptography classes in .NET, there's absolutely no excuse for not hiding even the most innocuous user data.
Main
In computer programming, a parameter is a variable which takes on the meaning of a corresponding argument passed in a call to a subroutine. A parameter represents a value that the procedure expects you to supply when you call it. The procedure's declaration defines its parameters. You can define a procedure with no parameters, one parameter, or more than one. The part of the procedure definition that specifies the parameters is called the parameter list.
If you're not going to use a session variable for storing end user information, you're most likely going to keep some sort of State by passing the information to a cookie or push it around with GET/POST parameters. If you're passing around any sort of ID or user information like their name, it's better to encrypt the information.
What I was looking for was a quick way to encrypt and decrypt parts of a QueryString - it had to be on the fly and quick.
Example: url with QueryString http://www.weburl.com/product.aspx?id=1234. In here id is a parameter and 1234 is the value of it. Now we want to encrypt 1234 so it cant be recognize by common user.
Class To Encpypt Passing Parameter Value
using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Security.Cryptography;
using System.Xml;
using System.Text;
using System.IO;
public class Encryption
{
private static byte[] key = { };
private static byte[] IV = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
private static string EncryptionKey = "!5623a#de";
public Encryption()
{
}
public static string Decrypt(string Input)
{
Byte[] inputByteArray = new Byte[Input.Length];
try
{
key = System.Text.Encoding.UTF8.GetBytes
(EncryptionKey.Substring(0, 8));
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
inputByteArray = Convert.FromBase64String(Input);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream
(ms, des.CreateDecryptor(key, IV), <BR>>CryptoStreamMode.Write);
cs.Write(inputByteArray, 0, inputByteArray.Length);
cs.FlushFinalBlock();
Encoding encoding = Encoding.UTF8;
return encoding.GetString(ms.ToArray());
}
catch (Exception ex)
{
return "";
}
}
public static string Encrypt(string Input)
{
try
{
key = System.Text.Encoding.UTF8.GetBytes
(EncryptionKey.Substring(0, 8));
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
Byte[] inputByteArray = Encoding.UTF8.GetBytes(Input);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream
(ms, des.CreateEncryptor(key, IV),CryptoStreamMode.Write);
cs.Write(inputByteArray, 0, inputByteArray.Length);
cs.FlushFinalBlock();
return Convert.ToBase64String(ms.ToArray());
}
catch (Exception ex)
{
return "";
}
}
}
Conclusion
When you need to pass the encryption parameter just simple write:
c# backend sytax:
Int value = 1234;
Asp.net url syntax:
http://www.weburl.com/product.aspx?id=<%=Encryption.Encrypt(value)%>
And to Decrypt it, c# backend sytax:
int id = Convert.ToInt32(Encryption.Decrypt(Request.QueryString["id"].Trim()));
References
Include all the useful links or references that can help users learn about this tutorial
- How to use ASP.NET to Encrypt Data
- ASP.NET Encryption Symplified