Encrypted Querystring
Hello friends When we are passing data between two asp.net pages we will use querystring. But the original value will be displayed there which is not a secure way to do. So we must encrypt that information.
I faced the same situation and searched GOOGLE and come across a nice article by Mr.Tiberius OsBurn of DEVCITY. The original article you can get at: http://www.devcity.net/PrintArticle.aspx?ArticleID=47.
Basically I am C# guy. I made some changes to that program and its working fine now.
First we will write a class file where Encrypt and Decrypt functions will be there.By using them we will execute that.
1) Create a class file in APP_CODE folder and paste this code.
Code Begins
”
using System;
using System.IO;
using System.Xml;
using System.Text;
using System.Security.Cryptography;
public class Encryption64
{
private byte[] key = { };
private byte[] IV = { 18, 52, 86, 120, 144, 171, 205, 239 };
public string Decrypt(string stringToDecrypt, string sEncryptionKey)
{
byte[] inputByteArray = new byte[stringToDecrypt.Length + 1];
try
{
//key = System.Text.Encoding.UTF8.GetBytes(Left(SEncryptionKey, 8));
key = System.Text.Encoding.UTF8.GetBytes(sEncryptionKey.ToCharArray(), 0, 8);
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
inputByteArray = Convert.FromBase64String(stringToDecrypt);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write);
cs.Write(inputByteArray, 0, inputByteArray.Length);
cs.FlushFinalBlock();
System.Text.Encoding encoding = System.Text.Encoding.UTF8;
return encoding.GetString(ms.ToArray());
}
catch (Exception e)
{
return e.Message;
}
}
public string Encrypt(string stringToEncrypt, string SEncryptionKey)
{
try
{
key = System.Text.Encoding.UTF8.GetBytes(SEncryptionKey.ToCharArray(), 0, 8);
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
byte[] inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write);
cs.Write(inputByteArray, 0, inputByteArray.Length);
cs.FlushFinalBlock();
return Convert.ToBase64String(ms.ToArray());
}
catch (Exception e)
{
return e.Message;
}
}
}
”
Code Ends
Take an aspx page and write the code and write the code below.
”
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography;
public partial class Test : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
public string encryptQueryString(string strQueryString)
{
//ExtractAndSerialize.Encryption64 oES =
// new ExtractAndSerialize.Encryption64();
Encryption64 oES = new Encryption64();
return oES.Encrypt(strQueryString, “!#$a54?3”);
}
public string decryptQueryString(string strQueryString)
{
Encryption64 oES = new Encryption64();
return oES.Decrypt(strQueryString, “!#$a54?3”);
}
protected void lnk_btn_Click(object sender, EventArgs e)
{
string strValues = “search”;
string strURL = “http://yoursite.com?search=”
+ encryptQueryString(strValues);
Response.Redirect(strURL);
}
}
”
In aspx
Take a link button with Id=”lnk_btn”.
when you click it will encrypt an you can decrypt by using the class file.
Bye
Bharath Radhekrishna 
I really like your articles but I am having some problems with the QueryString encyption showing compile error in VS2005. “!#$a54?3″shows following “)expected”
Also closing } shows following “Invalid Expression term }” What am I missing?
thanks for the code it work @mike i think you might have the wrong type of quotes.
i used the below code to retrieve the query string value
string strRegId= Request.QueryString[“iregID”].ToString();
string strVRegId = decryptQueryString(strRegId.ToString());
Response.Write(strVRegId);
but it show the following error….
Invalid length for a Base-64 char array.
Hi Bharat
I really appreciate the code sample, its a lifesaver
-Chuck
Nice code thats work fine for me.
Hello,
I have just looked at this code with a bird’s eye view.
My question is that I have found at some places code like:
return Convert.ToBase64String(ms.ToArray());
Probably I have read some where that Base64 encoding causes problems and puts “=” characters at its end and thus causes problem when used in query string because “=” is a special character used in querystring.
Please guide me, if I am wrong. I will use the above code in amy web application and will rediect the customer from his email to my site using some encrypted query string that will contain his Order Number.
But my question, will base64 encoding cause problem of special characters soemtime ?
Hi Dude..thanks for the Idea ..it worked like a charm………..
Thanks
I really enjoy reading on this website , it holds wonderful posts . “Dream no small dreams. They have no power to stir the souls of men.” by Victor Hugo.