Wednesday, November 5, 2008
How to do encryption and decryption of sensitive data when passed as querystring or storing into database.
Generally, we pass a parameter from one page to another in one of the following ways:
1. hidden field
2. session
3. cookies
4. application
5. query string
The query string is one of these techniques. When we pass sensitive data such as a credit card number or a password this way, we need to encrypt the respective parameters to provide security.
Example:
Suppose there is a HomePage.aspx and, after the user submits credentials, I want to show the welcome.aspx page, but before that I want to pass the password in encrypted form in the query string.
Step 1: Create an Encryption.cs class in App_Code. Add two functions to it, one for encryption and one for decryption, as below.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public class Encryption
{
    // For encryption, use any technique, symmetric or asymmetric.
    private static byte[] key = { };
    // Any value we can take. A fixed IV means the same input always gives the same output.
    private static byte[] IV = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
    // Any value we can take as the encryption key; only the first 8 characters are used by DES.
    private static string EncryptionKey = "!5623a#de";

    // Encrypts the input with DES and returns the ciphertext as a Base64 string.
    public static string Encrypt(string input)
    {
        try
        {
            key = Encoding.UTF8.GetBytes(EncryptionKey.Substring(0, 8));
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            byte[] inputByteArray = Encoding.UTF8.GetBytes(input);
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            return Convert.ToBase64String(ms.ToArray());
        }
        catch (Exception)
        {
            return "";
        }
    }

    // Decodes the Base64 ciphertext, decrypts it with DES and returns the original string.
    public static string Decrypt(string input)
    {
        try
        {
            key = Encoding.UTF8.GetBytes(EncryptionKey.Substring(0, 8));
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            byte[] inputByteArray = Convert.FromBase64String(input);
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            return Encoding.UTF8.GetString(ms.ToArray());
        }
        catch (Exception)
        {
            return "";
        }
    }
}
Step 2: After creating the class file, pass the parameter as a query string in the URL.
If the control is a Button, write the following code:
    string pwdEncrypt = Encryption.Encrypt("value");
    string username = "username";
    // Base64 output can contain '+', '/' and '=', so URL-encode the values.
    Response.Redirect("payment.aspx?userid=" + Server.UrlEncode(username) + "&pwd=" + Server.UrlEncode(pwdEncrypt));
If the control is a HyperLink, write the following code in the PreRender or Load event of the page:
    string pwdEncrypt = Encryption.Encrypt("value");
    string username = "username";
    // Base64 output can contain '+', '/' and '=', so URL-encode the values.
    HyperLink1.NavigateUrl = "payment.aspx?userid=" + Server.UrlEncode(username) + "&pwd=" + Server.UrlEncode(pwdEncrypt);
Decrypting:
In payment.aspx.cs, write the following code in Page_Load to decrypt the password.
    // Request.QueryString returns the value already URL-decoded.
    if (Request.QueryString["pwd"] != null)
    {
        string pass = Encryption.Decrypt(Request.QueryString["pwd"]);
    }
3 comments:
This is really useful. We can just change the encryption key and use it.
It is really fine consolidated effort to bring nice idea about dotnet
Thanks mukharanja.