• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1883
  • Last Modified:

Encrypt QueryString parameters in a GridView Hyperlink column

I am using ASP.NET with C#

I have a Hyperlink column in GridView ,, when I click that column, I pass two parameters ,
one  parameter is related to unique ID and another is constant for that gird.
<asp:HyperLinkField DataNavigateUrlFields="pid" HeaderText="Pt Name: click for item entry"  DataNavigateUrlFormatString="billingitemsentry.aspx?pid={0}&type=mhc"    DataTextField="pname" />

Now when I click, the pname, it is going to the destination page and doing the required things.
I wish to encrypt the DataNavigateUrlFormatString
How should the code for encryption and decryption in the destination page
I am attaching the relevant aspx page
PLEASE DO NOT REFER ME TO OTHER LINKS. PLEASE GIVE CODE DIRECTLY USING THE INFORMATION IN THE ATTACHED FILE
billinghomepage.aspx
0
Srinivas Mantha
Asked:
Srinivas Mantha
1 Solution
 
SAMIR BHOGAYTAFreelancer and IT ConsultantCommented:
hi..
Here's a simple encryption / decryption class (make sure to use your own key)

public static class Crypt
{
    // Must be random
    private static readonly byte[] key = new byte[24] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4 };

    public static string Encrypt(string input)
    {
        byte[] inputArray = UTF8Encoding.UTF8.GetBytes(input);
        TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider();
        tripleDES.GenerateKey();
        tripleDES.Key = key;
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateEncryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        tripleDES.Clear();
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }

    public static string Decrypt(string input)
    {
        byte[] inputArray = Convert.FromBase64String(input);
        TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider();
        tripleDES.Key = key;
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        tripleDES.Clear();
        return UTF8Encoding.UTF8.GetString(resultArray);
    }
}

Assuming you had a grid view which looked like this:

<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False">
    <Columns>
        <asp:HyperLinkField DataNavigateUrlFields="Url" DataTextField="Name" />
    </Columns>
</asp:GridView>

You could set your grid data like this:

var gridData = new[]
{  
    new { Name = "Link 1", Url = "TargetPage.aspx?arg=" + Crypt.Encrypt("firstName=stephen&surname=oberauer") },
    new { Name = "Link 2", Url = "TargetPage.aspx?arg=" + Crypt.Encrypt("firstName=joe&surname=smith") }
};
GridView1.DataSource = gridData;
GridView1.DataBind();

In your target page you could decode the encrypted query string like this:

var encryptedArgs = Request.QueryString["arg"];
var decryptedArgs = HttpUtility.ParseQueryString(Crypt.Decrypt(encryptedArgs));
FirstName.Text = decryptedArgs["firstName"];
Surname.Text = decryptedArgs["surname"];

In order to make sure that your query string was not tampered with you can handle the FormatException raised by the Decrypt method and test to make sure that the arguments exist, in this case "firstName" and "surname".

URL rewriting is a separate issue, which you can use if you want to make your URL prettier. It doesn't really have much to do with making sure that nobody fiddles with the query string.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now