locked
How to crypt URL? RRS feed

  • Question

  • User986610096 posted

    Hello,

    To open many aspx pages in my application il use parameters and sometimes the user name and password as required. For instance :

    Response.Redirect("subscribe.aspx?From=LoginUser&UserName=" & txtUserName.Text & "&UserEmail=" & txtEmail.Text & "&UserPassword=" & txtPassword.Text) 

    the probem is that after running this code the URL become :

    Response.Redirect("subscribe.aspx?From=LoginUser&UserName="toto" &UserEmail=" toto@yahoo.fr"&UserPassword="totototo")            

    You undertand this is not a ggod thing because user can see theses information and worse google can record thes infos.

    Is there any way to crypt URL Informations?

    Thanks in advance

     

     

    Sunday, November 20, 2011 11:07 AM

Answers

  • User-751973816 posted

    first get your strings from the URL and then use the following class to decrypt and encrypt it:

    Private key() As Byte = {}
        Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}
        Public Function Decrypt(ByVal stringToDecrypt As String, _
               ByVal sEncryptionKey As String) As String
            Dim inputByteArray(stringToDecrypt.Length) As Byte
            Try
                key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
                Dim des As New DESCryptoServiceProvider()
                inputByteArray = System.Convert.FromBase64String(stringToDecrypt)
                Dim ms As New MemoryStream()
                Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), _
                    CryptoStreamMode.Write)
                cs.Write(inputByteArray, 0, inputByteArray.Length)
                cs.FlushFinalBlock()
                Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8
                Return encoding.GetString(ms.ToArray())
            Catch e As Exception
                Return e.Message
            End Try
        End Function
        Public Function Encrypt(ByVal stringToEncrypt As String, _
               ByVal SEncryptionKey As String) As String
            Try
                key = System.Text.Encoding.UTF8.GetBytes(Left(SEncryptionKey, 8))
                Dim des As New DESCryptoServiceProvider()
                Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes( _
                    stringToEncrypt)
                Dim ms As New MemoryStream()
                Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), _
                    CryptoStreamMode.Write)
                cs.Write(inputByteArray, 0, inputByteArray.Length)
                cs.FlushFinalBlock()
                Return System.Convert.ToBase64String(ms.ToArray())
            Catch e As Exception
                Return e.Message
            End Try
        End Function
    
    
    
    hope it helps.
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, November 25, 2011 8:01 AM

All replies

  • User-434868552 posted

    @ cheickna

    (a) redesign you application to avoid the need to do that;

    (b) if for some reason (a) is not possible, use SSL.

    g.

    Sunday, November 20, 2011 11:11 AM
  • User986610096 posted

    Hello Gerrylowry

    Thank's for your reply. I have to do this because i have many information to manage between diffrent pages. But i aggre with you i must avoid to pass identifiaction information. I can try to don't use username and password into my url but i can't for others parameters. For instance sometimes i want to know if the current page has another page as previous...

     

    Sunday, November 20, 2011 11:22 AM
  • User-434868552 posted

    @ cheickna

    http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx

    why not use SSL?  i get my certificates from http://lifelinedesign.ca/Contact.html because their prices are reasonable.

    self-signed certificates are free

    cheickna, perhaps you could explain why exposing the previous page is a security flaw in your situation?

       TIMTOWTDI  =.  there is more than one way to do it

    example, identify your pages at the server using a dictionary ...

         Key     Value
         abc     pagexyz.aspx
         def      pageytr.apsx
         ghi      pagexyz.aspx
         jkl       pagexyz.aspx
         mno    pageytr.aspx

    you can obfuscate your page id at the client side by using different keys for the same server side page.

    g.

    P.S.:  it would help if you clearly stated which technology you are using:

    1.ASP.NET MVC 3?               http://www.asp.net/mvc
    2.ASP.NET WebForms?         http://www.asp.net/web-forms
    3.ASP.NET WebPages?         http://www.asp.net/web-pages
    4.some other technology?

    Sunday, November 20, 2011 11:53 AM
  • User-751973816 posted

    first get your strings from the URL and then use the following class to decrypt and encrypt it:

    Private key() As Byte = {}
        Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}
        Public Function Decrypt(ByVal stringToDecrypt As String, _
               ByVal sEncryptionKey As String) As String
            Dim inputByteArray(stringToDecrypt.Length) As Byte
            Try
                key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
                Dim des As New DESCryptoServiceProvider()
                inputByteArray = System.Convert.FromBase64String(stringToDecrypt)
                Dim ms As New MemoryStream()
                Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), _
                    CryptoStreamMode.Write)
                cs.Write(inputByteArray, 0, inputByteArray.Length)
                cs.FlushFinalBlock()
                Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8
                Return encoding.GetString(ms.ToArray())
            Catch e As Exception
                Return e.Message
            End Try
        End Function
        Public Function Encrypt(ByVal stringToEncrypt As String, _
               ByVal SEncryptionKey As String) As String
            Try
                key = System.Text.Encoding.UTF8.GetBytes(Left(SEncryptionKey, 8))
                Dim des As New DESCryptoServiceProvider()
                Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes( _
                    stringToEncrypt)
                Dim ms As New MemoryStream()
                Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), _
                    CryptoStreamMode.Write)
                cs.Write(inputByteArray, 0, inputByteArray.Length)
                cs.FlushFinalBlock()
                Return System.Convert.ToBase64String(ms.ToArray())
            Catch e As Exception
                Return e.Message
            End Try
        End Function
    
    
    
    hope it helps.
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, November 25, 2011 8:01 AM