Encrypt QueryString parameters in a GridView Hyperlink column

I am using ASP.NET with C#

I have a Hyperlink column in GridView ,, when I click that column, I pass two parameters ,
one  parameter is related to unique ID and another is constant for that gird.
<asp:HyperLinkField DataNavigateUrlFields="pid" HeaderText="Pt Name: click for item entry"  DataNavigateUrlFormatString="billingitemsentry.aspx?pid={0}&type=mhc"    DataTextField="pname" />

Now when I click, the pname, it is going to the destination page and doing the required things.
I wish to encrypt the DataNavigateUrlFormatString
How should the code for encryption and decryption in the destination page
I am attaching the relevant aspx page
PLEASE DO NOT REFER ME TO OTHER LINKS. PLEASE GIVE CODE DIRECTLY USING THE INFORMATION IN THE ATTACHED FILE
billinghomepage.aspx
Srinivas ManthaConsultant Anesthesiologist and Pain PhysicianAsked:
Who is Participating?
 
SAMIR BHOGAYTAConnect With a Mentor Freelancer and IT ConsultantCommented:
hi..
Here's a simple encryption / decryption class (make sure to use your own key)

public static class Crypt
{
    // Must be random
    private static readonly byte[] key = new byte[24] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4 };

    public static string Encrypt(string input)
    {
        byte[] inputArray = UTF8Encoding.UTF8.GetBytes(input);
        TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider();
        tripleDES.GenerateKey();
        tripleDES.Key = key;
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateEncryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        tripleDES.Clear();
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }

    public static string Decrypt(string input)
    {
        byte[] inputArray = Convert.FromBase64String(input);
        TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider();
        tripleDES.Key = key;
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        tripleDES.Clear();
        return UTF8Encoding.UTF8.GetString(resultArray);
    }
}

Assuming you had a grid view which looked like this:

<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False">
    <Columns>
        <asp:HyperLinkField DataNavigateUrlFields="Url" DataTextField="Name" />
    </Columns>
</asp:GridView>

You could set your grid data like this:

var gridData = new[]
{  
    new { Name = "Link 1", Url = "TargetPage.aspx?arg=" + Crypt.Encrypt("firstName=stephen&surname=oberauer") },
    new { Name = "Link 2", Url = "TargetPage.aspx?arg=" + Crypt.Encrypt("firstName=joe&surname=smith") }
};
GridView1.DataSource = gridData;
GridView1.DataBind();

In your target page you could decode the encrypted query string like this:

var encryptedArgs = Request.QueryString["arg"];
var decryptedArgs = HttpUtility.ParseQueryString(Crypt.Decrypt(encryptedArgs));
FirstName.Text = decryptedArgs["firstName"];
Surname.Text = decryptedArgs["surname"];

In order to make sure that your query string was not tampered with you can handle the FormatException raised by the Decrypt method and test to make sure that the arguments exist, in this case "firstName" and "surname".

URL rewriting is a separate issue, which you can use if you want to make your URL prettier. It doesn't really have much to do with making sure that nobody fiddles with the query string.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.