Wednesday, May 9, 2012

Encrypting a Query String Value, Passing It to Another Page, and Decrypting It

In this post I am going to explain how to encrypt a query string value on one page and decrypt it on another page. A query string value is visible to the user, who can simply change it and may obtain the details of other users as well. So I have used this encrypt/decrypt approach in my recent application. It uses the MD5CryptoServiceProvider class to turn a passphrase into a key and the TripleDESCryptoServiceProvider class to do the encryption.
To do this, first write the following two methods in one class.


using System;
using System.Security.Cryptography;
using System.Text;

public class Encrypt
{
    public static string EncryptString(string Message, string Passphrase)
    {
        byte[] Results;
        UTF8Encoding UTF8 = new UTF8Encoding();

        // 1. Hash the passphrase using MD5.
        // The MD5 digest is a 128-bit (16-byte) array, which is a valid
        // (two-key) length for the TripleDES encoder used below.
        MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
        byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase));

        // 2. Create a new TripleDESCryptoServiceProvider object
        TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();

        // 3. Set up the encoder.
        // ECB uses no IV, so the same message and passphrase always produce
        // the same ciphertext. Nothing here authenticates the ciphertext.
        TDESAlgorithm.Key = TDESKey;
        TDESAlgorithm.Mode = CipherMode.ECB;
        TDESAlgorithm.Padding = PaddingMode.PKCS7;

        // 4. Convert the input string to a byte[]
        byte[] DataToEncrypt = UTF8.GetBytes(Message);

        // 5. Attempt to encrypt the string
        try
        {
            ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
            Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length);
        }
        finally
        {
            // Clear the TripleDES and hash provider services of any sensitive information
            TDESAlgorithm.Clear();
            HashProvider.Clear();
        }

        // 6. Return the encrypted bytes as a Base64-encoded string
        return Convert.ToBase64String(Results);
    }

    public static string DecryptString(string Message, string Passphrase)
    {
        byte[] Results;
        UTF8Encoding UTF8 = new UTF8Encoding();

        // 1. Hash the passphrase using MD5 (same key derivation as EncryptString)
        MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
        byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase));

        // 2. Create a new TripleDESCryptoServiceProvider object
        TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();

        // 3. Set up the decoder
        TDESAlgorithm.Key = TDESKey;
        TDESAlgorithm.Mode = CipherMode.ECB;
        TDESAlgorithm.Padding = PaddingMode.PKCS7;

        // 4. Convert the Base64 input string to a byte[]
        // (throws FormatException if the input is not valid Base64)
        byte[] DataToDecrypt = Convert.FromBase64String(Message);

        // 5. Attempt to decrypt the string
        // (throws CryptographicException on a bad length or bad padding)
        try
        {
            ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
            Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length);
        }
        finally
        {
            // Clear the TripleDES and hash provider services of any sensitive information
            TDESAlgorithm.Clear();
            HashProvider.Clear();
        }

        // 6. Return the decrypted bytes as a UTF-8 string
        return UTF8.GetString(Results);
    }
}

Then create the first aspx page with the following code:


<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
   
        <asp:Button ID="Button1" runat="server" onclick="Button1_Click"
            Text="Redirect to Secondpage" />
   
    </div>
    </form>
</body>
</html>

Write the following code in the code-behind page for the button's Click event:

protected void Button1_Click(object sender, EventArgs e)
{
    string Password = "Query1";
    string Msg = "Prakash";

    string EncryptedString = Encrypt.EncryptString(Msg, Password);

    // The Base64 ciphertext is sent as the entire query string (no parameter name)
    Response.Redirect("Default2.aspx?" + EncryptedString);
}


Now design the Default2.aspx page with the following code:



<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
   
    </div>
    </form>
</body>
</html>


In the Page_Load of Default2.aspx, use the following code to read the query string value:


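protected void Page_Load(object sender, EventArgs e)
{
    string Password = "Query1";
    string URL = Request.Url.ToString().Trim();
    // Everything after the last '?' is the Base64 ciphertext
    string EncodedQueryString = URL.Substring(URL.LastIndexOf('?') + 1);
    string QryString1;
    try
    {
        QryString1 = Encrypt.DecryptString(EncodedQueryString, Password);
    }
    catch (Exception) // invalid Base64 or a ciphertext that cannot be decrypted
    {
        Response.StatusCode = 400;
        return;
    }
    // HTML-encode before writing: the decrypted text comes from a user-controlled URL
    Response.Write("Query String value is " + Server.HtmlEncode(QryString1));
}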

Output: the page displays "Query String value is Prakash".


