Wednesday, 13 April 2011

Encrypt and Decrypt query string

 Using query strings to send Parameters from one Page to next page , giving the visitor of a web application the opportunity of modifying query strings by transmitting them in clear text, is certainly a potential security threat. Thus, I  encrypt query strings, even if they do not contain confidential data. However, I am aware that it is still possible to alternate an encrypted query string Using some other math codes.

So, let's get down to the code here is basic encryption

In form code:

        <asp:TextBox ID="txt1" runat="server"></asp:TextBox>
        <asp:Button ID="btn1" runat="server" Text="Button" onclick="btn1_Click" />         

In c#:

 in Form1.aspx:

  string encodedString;//Declare this is in  Global 
protected void btn1_Click(object sender, EventArgs e)
        string str = txt1.Text;      
        encodedString = (Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(str)));      
        Response.Redirect("~/laterRQ.aspx?str=" + encodedString);

 in Form2.aspx:
take one Label in Form2.aspx and Display the text,

<asp:Label ID="lbl" runat="server"></asp:TextBox>

string decodedString;//Declare this is in  Global
    protected void Page_Load(object sender, EventArgs e)
       decodedString = System.Text.ASCIIEncoding.ASCII.GetString(Convert.FromBase64String(Request.QueryString["str"]));
        lbl1.Text = decodedString; 


No comments:

Post a Comment