Best way to encrypt/decrypt querystring in .Net

Please find the best way to do Encryption/Decryption in .net. If you use standard way of accessing query string parameter values after encrypting or hashing you will get errors. Using following way, it will generate safe Encryption/Decryption in query string.

Encrypt :

    static string Encrypt(string originalString)
    {
        if (String.IsNullOrEmpty(originalString))
        {
            return string.Empty;
        }
        DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream cryptoStream = new CryptoStream(memoryStream,
            cryptoProvider.CreateEncryptor(bytes, bytes), CryptoStreamMode.Write);
        StreamWriter writer = new StreamWriter(cryptoStream);
        writer.Write(originalString);
        writer.Flush();
        cryptoStream.FlushFinalBlock();
        writer.Flush();
        return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length);
    }

string qs = "?uid=" + Encrypt("sample user id & key");

Decrypt :

    static string Decrypt(string cryptedString)
    {
        if (String.IsNullOrEmpty(cryptedString))
        {
            return string.Empty;
        }
        DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(cryptedString));
        CryptoStream cryptoStream = new CryptoStream(memoryStream,
            cryptoProvider.CreateDecryptor(bytes, bytes), CryptoStreamMode.Read);
        StreamReader reader = new StreamReader(cryptoStream);
        return reader.ReadToEnd();
    }

    private string GetRawUrlQueryString(string key)
    {
        string val = string.Empty;

        string url = HttpContext.Current.Request.RawUrl;

        int start = url.IndexOf("?");
        if (start >= 0)
        {
            string qs = url.Substring(start + 1);
            string[] parts = qs.Split('&');
            foreach (string part in parts)
            {
                if (part.Trim().StartsWith(key + "="))
                {
                    val = part.Trim().Replace(key + "=", "");
                    break;
                }
            }
        }
        return val;
    }

string receiveduid = GetRawUrlQueryString("uid");
string uid =  Decrypt(receivedui);

Important :

Do not use Request.QueryString["uid"] get the query string value as .net framework by default convert actual query string value with url encode. If so your decryption or base64 conversion will fail.

Comments

Post a Comment

Popular posts from this blog

Embedding PowerBI with ASP.NET Core 2 and Angular(2,4,5)

Image
Background 
Integration of PowerBI into ASP.Net is straightforward as far as you follow the Microsoft documentation. When it comes to ASP.NET Core 2, it is not, at the time of writing this article. Let me guide you through the steps I followed to successfully embed PowerBI reports to our ASP.NET Core2 / Angular5 enterprise website.

Two Scenarios

 1. User Owns Data - where users will be directly registered in PowerBi portal
https://docs.microsoft.com/en-us/power-bi/developer/integrate-report
2. App Owns Data - you have an application which owns the data and you have users to view these reports but they are not registered in PowerBI as direct users - ISV situation
https://docs.microsoft.com/en-us/power-bi/developer/embed-sample-for-customers
Following steps are focused on scenario 2 which is app own data, but it is not limited to use this information for scenario 1 as well.
[Flow of authentication and authorization (from Microsoft documentation)]
Step 1: Register your app
Make sure your app…
Read more

Handling Exit Event of Console Application in C#

Do you wan to do something on the exit event of Console Application. .Net framework does not provide such direct event to do that. You can use following workaround to have that kind of event in your application.


        [STAThread]
        static void Main(string[] args)
        {
            HandlerRoutine hr = new HandlerRoutine(Handler);
            SetConsoleCtrlHandler(hr, true);
            GC.KeepAlive(hr); 

        }

        public static void DoOnAppExit()
        {
                  //Do something......
        }

        #region Handle App Exit

        static Boolean Handler(CtrlTypes CtrlType)
        {
            // A switch to handle the event type.
            switch (CtrlType)
            {
                case CtrlTypes.CTRL_C_EVENT:
                case CtrlTypes.CTRL_BREAK_EVENT:
                case CtrlTypes.CTRL_CLOSE_EVENT:
                case CtrlTypes.CTRL_LOGOFF_EVENT:
                case CtrlTypes.CTRL_SHUTDOWN_EVENT:
                    DoOnAppExit();
  …
Read more

CSS text-overflow ellipsis in the beginning of the the text - Left Ellipsis using CSS in a Flex box

Image
Problem:
If you want to have css text overflow ellipsis in the left (beginning of the text), there is no straight forward solution to get it working in all browsers (especially in Safari). There are several CSS tricks that you will end up only working few browsers. It will be further difficult, if you are trying to achieve this in flex container.
Solution:
Combining few ideas found in the stack-overflow, manged to get it working in most of the browsers including safari.
".cont" is flex box and either you can set a width to it, or can inherit the width from parent container element.
.ellipsis:after { content: ""; background-color: white; color: transparent; position: relative; z-index: 2; min-width: 100%; display: inline-block; min-height: 1rem; } .ellipsis { direction: rtl; display: inline-block; width: calc(100% - .1em); white-space: nowrap; overflow: hidde…
Read more