Secure Url

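ASP.NET 2.0 has been released, but ASP.NET still has no built-in support for passing the query string as encrypted text. The following class lets you pass the query string encrypted rather than in plain text. Note that it only encrypts: the value carries no integrity check, and parameters left in plain text on the URL are read as well, so the receiving page still has to validate what it gets.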

Usage: 

//WebForm1.aspx, From the sender
// The constructor parses the plain query string; ToString() then emits the page URL
// with every parameter folded into one encrypted "param" value (sample output on the right).
SecureUrl url = new SecureUrl("WebForm2.aspx?Key1=Value1&Key2=Value2");// WebForm2.aspx?param=HrxR96wU%2foN8VhElKlT32taPZLQzADf1
Response.Redirect(url.ToString());

//WebForm2.aspx, To Receiver
// The constructor decrypts "param" and exposes its pairs through the indexer (keys are
// case-insensitive; a missing key yields string.Empty).
// NOTE(review): the parser also stores parameters that arrive unencrypted on the URL, and the
// ciphertext is not integrity-protected, so Key1Value/Key2Value are still untrusted input:
// validate them, and do not base authorization decisions on them alone.
SecureUrl url = new SecureUrl(Request.Url.PathAndQuery);
string Key1Value = url["Key1"];
string Key2Value = url["Key2"];

SecureUrl:

using System;
using System.IO;
using System.Text;
using System.Diagnostics;
using System.Collections;
using System.Collections.Specialized;
using System.Security.Cryptography;
using System.Web;

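/// <summary>
/// Builds and parses page URLs whose query-string parameters travel in a single
/// encrypted <c>param</c> value instead of as plain name/value pairs.
/// </summary>
/// <remarks>
/// Security review notes (the cryptography below is kept as published so existing
/// links keep working, but it should be replaced before this is relied on):
/// <list type="bullet">
/// <item>DES has a 56-bit effective key and is obsolete.</item>
/// <item>The key is a constant compiled into the assembly, so anyone holding the
/// source or the binary can read and produce valid values.</item>
/// <item>The IV is fixed (all zero), so equal parameter sets give equal ciphertext.</item>
/// <item>There is no MAC: a modified ciphertext is not detected as such.</item>
/// <item>Parameters that arrive unencrypted are accepted too, so a value read through
/// the indexer is not proof that it came from the encrypted payload.</item>
/// </list>
/// Prefer keeping sensitive state on the server, or protecting the value with the
/// framework's authenticated protection (for example <c>MachineKey.Protect</c> on
/// ASP.NET 4.5+ or the ASP.NET Core Data Protection API) using a key that is stored
/// in protected configuration rather than in source.
/// </remarks>
public sealed class SecureUrl
{
    private const string ENCRYPTED_KEY_NAME = "param";
    private const string RETURN_URL = "returnUrl";
    private const string RETURN_PARAM = "returnParam";

    // DES key size is 64 bit (8 bytes).
    // NOTE(security): hard-coded, published key material; see the class remarks.
    private static readonly byte[] Key = new byte[] {33, 93, 171, 1, 85, 23, 231, 145};

    private string _pageUrl = string.Empty;

    // StringDictionary lower-cases every key itself (culture-invariant), which is what
    // makes lookups case-insensitive; no culture-sensitive ToLower() is needed here.
    private StringDictionary _queryString = new StringDictionary();

    /// <summary>
    /// Gets or sets a parameter by case-insensitive name. Reading a missing name
    /// returns <see cref="string.Empty"/>; assigning null or blank removes the entry.
    /// </summary>
    /// <param name="key">Parameter name.</param>
    public string this[string key]
    {
        [DebuggerStepThrough()]
        get
        {
            if (_queryString.ContainsKey(key))
            {
                return _queryString[key];
            }

            return string.Empty;
        }
        [DebuggerStepThrough()]
        set
        {
            if ((value != null) && (value.Trim().Length > 0))
            {
                _queryString[key] = value;
            }
            else
            {
                _queryString.Remove(key);
            }
        }
    }

    /// <summary>
    /// Gets or sets the <c>returnUrl</c> parameter.
    /// </summary>
    /// <remarks>
    /// The value can originate from the request, so check that it is a local URL
    /// before redirecting to it.
    /// </remarks>
    public string ReturnUrl
    {
        [DebuggerStepThrough()]
        get
        {
            return this[RETURN_URL];
        }
        [DebuggerStepThrough()]
        set
        {
            this[RETURN_URL] = value;
        }
    }

    /// <summary>
    /// Gets or sets the <c>returnParam</c> parameter.
    /// </summary>
    public string ReturnParameters
    {
        [DebuggerStepThrough()]
        get
        {
            return this[RETURN_PARAM];
        }
        [DebuggerStepThrough()]
        set
        {
            this[RETURN_PARAM] = value;
        }
    }

    /// <summary>
    /// Creates an instance from a page URL that may carry a query string, either
    /// plain or in the encrypted form produced by <see cref="ToString()"/>.
    /// </summary>
    /// <param name="fullUrl">Page URL, optionally followed by <c>?</c> and a query string.</param>
    /// <exception cref="ArgumentNullException"><paramref name="fullUrl"/> is null.</exception>
    public SecureUrl(string fullUrl)
    {
        if (fullUrl == null)
        {
            throw new ArgumentNullException("fullUrl");
        }

        // Cut at the FIRST '?' only, so a value that itself contains '?' is not truncated.
        int queryStart = fullUrl.IndexOf('?');

        if (queryStart > 0)
        {
            _pageUrl = fullUrl.Substring(0, queryStart);
            Parse(fullUrl.Substring(queryStart + 1));
        }
        else
        {
            _pageUrl = fullUrl;
        }
    }

    /// <summary>
    /// Creates an instance from a page URL and a separate query string.
    /// </summary>
    /// <param name="url">Page URL without a query string.</param>
    /// <param name="queryString">Query string without the leading <c>?</c>; may be null or empty.</param>
    public SecureUrl(string url,
        string queryString)
    {
        _pageUrl = url ?? string.Empty;
        Parse(queryString);
    }

    /// <summary>Removes every parameter.</summary>
    [DebuggerStepThrough()]
    public void Clear()
    {
        _queryString.Clear();
    }

    /// <summary>Returns whether a parameter with the given case-insensitive name exists.</summary>
    [DebuggerStepThrough()]
    public bool Contains(string key)
    {
        return _queryString.ContainsKey(key);
    }

    /// <summary>Removes the parameter with the given case-insensitive name, if present.</summary>
    [DebuggerStepThrough()]
    public void Remove(string key)
    {
        _queryString.Remove(key);
    }

    /// <summary>Returns the page URL with all parameters in the encrypted <c>param</c> value.</summary>
    [DebuggerStepThrough()]
    public override string ToString()
    {
        return ToString(false);
    }

    /// <summary>
    /// Returns the page URL with all parameters in the encrypted <c>param</c> value,
    /// or the bare page URL when there are no parameters.
    /// </summary>
    /// <param name="unicode">
    /// When true the encoded value is additionally passed through
    /// <c>HttpUtility.UrlEncodeUnicode</c> (the original author needed this when
    /// handing the URL to JavaScript).
    /// </param>
    [DebuggerStepThrough()]
    public string ToString(bool unicode)
    {
        StringBuilder queryString = new StringBuilder();

        foreach (DictionaryEntry entry in _queryString)
        {
            if (queryString.Length > 0)
            {
                queryString.Append('&');
            }

            // Names are encoded as well as values so that neither can introduce a
            // separator into the payload that Parse later splits.
            queryString.Append(HttpUtility.UrlEncode((string)entry.Key));
            queryString.Append('=');
            queryString.Append(HttpUtility.UrlEncode((string)entry.Value));
        }

        string encryptedQuery = Encrypt(queryString.ToString());

        // Encrypt returns null for an empty query; the original dereferenced that null
        // and threw NullReferenceException for a URL without parameters.
        if (string.IsNullOrEmpty(encryptedQuery))
        {
            return _pageUrl;
        }

        string encodedQuery = HttpUtility.UrlEncode(encryptedQuery);

        if (unicode)
        {
            //Required if we are passing it to JavaScript
            encodedQuery = HttpUtility.UrlEncodeUnicode(encodedQuery);
        }

        return _pageUrl + "?" + ENCRYPTED_KEY_NAME + "=" + encodedQuery;
    }

    /// <summary>
    /// Reads a query string into the parameter table. Plain pairs are stored as they
    /// are; the value of <c>param</c> is decrypted and its pairs are stored as well.
    /// </summary>
    /// <remarks>
    /// The input normally comes straight from the request. A <c>param</c> value that is
    /// not valid Base64 or does not decrypt surfaces as <see cref="FormatException"/> or
    /// <see cref="CryptographicException"/>; callers should map both to the same generic
    /// error response rather than showing the difference to the client.
    /// </remarks>
    [DebuggerStepThrough()]
    private void Parse(string queryString)
    {
        if (string.IsNullOrEmpty(queryString))
        {
            return;
        }

        string encryptedValue = null;
        string name;
        string value;

        foreach (string pair in queryString.Split('&'))
        {
            SplitPair(pair, out name, out value);
            name = HttpUtility.UrlDecode(name);
            value = HttpUtility.UrlDecode(value);

            if (name.Length == 0)
            {
                continue;
            }

            if (string.Compare(name, ENCRYPTED_KEY_NAME, StringComparison.OrdinalIgnoreCase) == 0)
            {
                encryptedValue = value;
            }
            else
            {
                // Indexer assignment instead of Add: a repeated name must not throw.
                _queryString[name] = value;
            }
        }

        if (string.IsNullOrEmpty(encryptedValue))
        {
            return;
        }

        // Decrypted pairs are applied last, whatever their position on the URL, so a
        // plain parameter of the same name cannot replace a value from the payload.
        string decryptedString = Decrypt(encryptedValue);

        // Split FIRST and decode each part afterwards. Decoding the whole payload before
        // splitting would let an encoded separator inside one value turn into extra pairs.
        foreach (string pair in decryptedString.Split('&'))
        {
            if (pair.IndexOf('=') < 0)
            {
                continue;
            }

            SplitPair(pair, out name, out value);
            name = HttpUtility.UrlDecode(name);

            if (name.Length > 0)
            {
                _queryString[name] = HttpUtility.UrlDecode(value);
            }
        }
    }

    // Splits "name=value" at the first '='; a pair without '=' yields an empty value.
    private static void SplitPair(string pair, out string name, out string value)
    {
        int separator = pair.IndexOf('=');

        if (separator < 0)
        {
            name = pair;
            value = string.Empty;
        }
        else
        {
            name = pair.Substring(0, separator);
            value = pair.Substring(separator + 1);
        }
    }

    /// <summary>
    /// Encrypts <paramref name="plain"/> and returns it Base64-encoded, or null when
    /// the input is null or empty.
    /// </summary>
    [DebuggerStepThrough()]
    private static string Encrypt(string plain)
    {
        if ((plain == null) || (plain.Length == 0))
        {
            return null;
        }

        using (SymmetricAlgorithm crypto = CreateCrypto())
        {
            // The payload is already URL-encoded (pure ASCII), for which UTF-8 produces
            // the same bytes as the ASCII encoding used before, without being lossy.
            return System.Convert.ToBase64String(Read(crypto.CreateEncryptor(), Encoding.UTF8.GetBytes(plain)));
        }
    }

    /// <summary>
    /// Decodes the Base64 <paramref name="cipher"/> and decrypts it, or returns null
    /// when the input is null or empty.
    /// </summary>
    [DebuggerStepThrough()]
    private static string Decrypt(string cipher)
    {
        if ((cipher == null) || (cipher.Length == 0))
        {
            return null;
        }

        using (SymmetricAlgorithm crypto = CreateCrypto())
        {
            return Encoding.UTF8.GetString(Read(crypto.CreateDecryptor(), System.Convert.FromBase64String(cipher)));
        }
    }

    /// <summary>Creates the DES instance configured with the shared key and a zero IV.</summary>
    [DebuggerStepThrough()]
    private static SymmetricAlgorithm CreateCrypto()
    {
        // NOTE(security): the author picked DES for speed. It is obsolete, and the fixed
        // key and all-zero IV make the output deterministic and readable by anyone who
        // has this key; see the class remarks for what to use instead.
        SymmetricAlgorithm crypto = DES.Create();

        crypto.Key = Key;
        crypto.IV = new byte[crypto.BlockSize / 8];

        return crypto;
    }

    /// <summary>Runs <paramref name="data"/> through the transform and returns the result.</summary>
    [DebuggerStepThrough()]
    private static byte[] Read(ICryptoTransform transformer,
        byte[] data)
    {
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, transformer, CryptoStreamMode.Write))
            {
                cs.Write(data, 0, data.Length);
                cs.FlushFinalBlock();

                return ms.ToArray();
            }
        }
    }
}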
