Best way to encrypt/decrypt querystring in .Net

Please find the best way to do Encryption/Decryption in .net. If you use standard way of accessing query string parameter values after encrypting or hashing you will get errors. Using following way, it will generate safe Encryption/Decryption in query string.

Encrypt :

    static string Encrypt(string originalString)
    {
        if (String.IsNullOrEmpty(originalString))
        {
            return string.Empty;
        }
        DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream cryptoStream = new CryptoStream(memoryStream,
            cryptoProvider.CreateEncryptor(bytes, bytes), CryptoStreamMode.Write);
        StreamWriter writer = new StreamWriter(cryptoStream);
        writer.Write(originalString);
        writer.Flush();
        cryptoStream.FlushFinalBlock();
        writer.Flush();
        return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length);
    }

string qs = "?uid=" + Encrypt("sample user id & key");

Decrypt :

    static string Decrypt(string cryptedString)
    {
        if (String.IsNullOrEmpty(cryptedString))
        {
            return string.Empty;
        }
        DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(cryptedString));
        CryptoStream cryptoStream = new CryptoStream(memoryStream,
            cryptoProvider.CreateDecryptor(bytes, bytes), CryptoStreamMode.Read);
        StreamReader reader = new StreamReader(cryptoStream);
        return reader.ReadToEnd();
    }

    private string GetRawUrlQueryString(string key)
    {
        string val = string.Empty;

        string url = HttpContext.Current.Request.RawUrl;

        int start = url.IndexOf("?");
        if (start >= 0)
        {
            string qs = url.Substring(start + 1);
            string[] parts = qs.Split('&');
            foreach (string part in parts)
            {
                if (part.Trim().StartsWith(key + "="))
                {
                    val = part.Trim().Replace(key + "=", "");
                    break;
                }
            }
        }
        return val;
    }

string receiveduid = GetRawUrlQueryString("uid");
string uid =  Decrypt(receivedui);

Important :

Do not use Request.QueryString["uid"] get the query string value as .net framework by default convert actual query string value with url encode. If so your decryption or base64 conversion will fail.

Comments

Post a Comment

Popular posts from this blog

CSS text-overflow ellipsis in the beginning of the the text - Left Ellipsis using CSS in a Flex box

Image
Problem: If you want to have css text overflow ellipsis in the left (beginning of the text), there is no straight forward solution to get it working in all browsers (especially in Safari). There are several CSS tricks that you will end up only working few browsers. It will be further difficult, if you are trying to achieve this in flex container. Solution: Combining few ideas found in the stack-overflow, manged to get it working in most of the browsers including safari. ".cont" is flex box and either you can set a width to it, or can inherit the width from parent container element. .ellipsis:after { content: ""; background-color: white; color: transparent; position: relative; z-index: 2; min-width: 100%; display: inline-block; min-height: 1rem; } .ellipsis { direction: rtl; display: inline-block; width: calc(100% - .1em); white-space: nowrap; overflow: h
Read more

Embedding PowerBI with ASP.NET Core 2 and Angular(2,4,5)

Image
Background  Integration of PowerBI into ASP.Net is straightforward as far as you follow the Microsoft documentation. When it comes to ASP.NET Core 2, it is not, at the time of writing this article. Let me guide you through the steps I followed to successfully embed PowerBI reports to our ASP.NET Core2 / Angular5 enterprise website. Two Scenarios 1. User Owns Data - where users will be directly registered in PowerBi portal https://docs.microsoft.com/en-us/power-bi/developer/integrate-report 2. App Owns Data - you have an application which owns the data and you have users to view these reports but they are not registered in PowerBI as direct users - ISV situation https://docs.microsoft.com/en-us/power-bi/developer/embed-sample-for-customers Following steps are focused on scenario 2 which is app own data, but it is not limited to use this information for scenario 1 as well. [Flow of authentication and authorization (from Microsoft documentation)] Step 1: Regis
Read more

Selenium With .Net

Recently I had a chance to work with Selenium framwork. It is pretty easy to intrgrate automated testing into .net with Selenium. Also for project like web site scrapping and automated posting, can be easily developped with few lines of code. Following code lines will automate a web site login with use of selenium framework. ISelenium selenium = new DefaultSelenium(seleniumServer, port, browser, website); selenium.Start(); selenium.Open(ConfigLoader.Configurations.LoginPageUrl); selenium.WaitForPageToLoad((ConfigLoader.Configurations.WaitingTime * 1000).ToString()); selenium.Type("ctl00_PageContent_UserName", ConfigLoader.Configurations.UserName); selenium.Type("ctl00_PageContent_Password", ConfigLoader.Configurations.Password); selenium.Click("ctl00_PageContent_OKButton__Button"); selenium.WaitForPageToLoad((ConfigLoader.Configurations.WaitingTime * 1000).ToString());
Read more