interviews.dotnetthread.com

Wednesday, November 5, 2008

How to encrypt and decrypt sensitive data passed in a query string or stored in a database

Generally, we pass a parameter from one page to another in one of the following ways:

1. Hidden field
2. Session
3. Cookies
4. Application
5. Query string

The query string is one of these techniques. When we pass sensitive data such as a credit card number or password this way, we need to encrypt the respective parameters for security.

Example:

Suppose there is a HomePage.aspx page and, after the user's credentials are submitted, I want to show the welcome.aspx page, but before that I want to pass the password in encrypted form in the query string.

Step 1: Create an Encryption.cs class in App_Code. In it, add two functions, for encryption and decryption, as below.

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public class Encryption
{
    // For encryption, use any technique, symmetric or asymmetric.
    private static byte[] key = { };
    private static byte[] IV = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF }; // any value can be used
    private static string EncryptionKey = "!5623a#de"; // any value can be used as the encryption key

    // Encrypts the input with DES and returns the ciphertext as a Base64 string.
    public static string Encrypt(string input)
    {
        try
        {
            // DES takes an 8-byte key: the first 8 characters of EncryptionKey.
            key = Encoding.UTF8.GetBytes(EncryptionKey.Substring(0, 8));
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            byte[] inputByteArray = Encoding.UTF8.GetBytes(input);
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            return Convert.ToBase64String(ms.ToArray());
        }
        catch (Exception)
        {
            return ""; // an empty string signals failure
        }
    }

    // Decodes the Base64 input, decrypts it with DES and returns the original text.
    public static string Decrypt(string input)
    {
        try
        {
            key = Encoding.UTF8.GetBytes(EncryptionKey.Substring(0, 8));
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            byte[] inputByteArray = Convert.FromBase64String(input);
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            return Encoding.UTF8.GetString(ms.ToArray());
        }
        catch (Exception)
        {
            return ""; // an empty string signals failure
        }
    }
}



Step 2: After creating the class file, pass the parameter in the query string of the URL.

If the control is a Button, write the following code:

string pwdEncrypt = Encryption.Encrypt("value");
string username = "username";
// Base64 output can contain '+', '/' and '=', so URL-encode it before placing it in the query string.
Response.Redirect("payment.aspx?userid=" + username + "&pwd=" + Server.UrlEncode(pwdEncrypt));

If the control is a HyperLink, write the code in the page's PreRender or Load event, as below:

string pwdEncrypt = Encryption.Encrypt("value");
string username = "username";
HyperLink1.NavigateUrl = "payment.aspx?userid=" + username + "&pwd=" + Server.UrlEncode(pwdEncrypt);

Decrypting:

In payment.aspx.cs

In Page_Load, write the following code to decrypt the password.

// Request.QueryString returns the value already URL-decoded.
if (Request.QueryString["pwd"] != null)
{
    string pass = Encryption.Decrypt(Request.QueryString["pwd"]);
}

3 comments:

Anonymous said...

This is really useful. We can just change the encryption key and use it.

mukharanja said...

It is a really fine consolidated effort to bring a nice idea about dotnet.

Anil Kumar Reddy said...

Thanks mukharanja.
