How to encrypt / decrypt a URL in C#

I have a URL of www.site-address/site-page/page1.aspx?username=deepu&password=deepu. How can I change the URL to www.site-address/website-page/page1.aspx?username=232322323232&password=2323232322323, i.e. I want to encrypt the fields that I pass through the URL. Please help me encrypt and decrypt the URL in C# using .NET. Right now I use Response.Redirect and pass these values as a query string .... help help. ...

+3
4 answers

Your approach is wrong, and encryption does not really help the underlying problem. If you go out over a network, you should rarely (really never) see a pattern like the one you describe, even if it is encrypted.

Instead, you should store user credentials as securely as possible on the server and pass a unique, short-lived session token in the request, which you can use to look up the credentials.

As for secure storage on the server, as soon as you receive the user's password for the first time, you should use a one-way hash, for example SHA256, with a salt. You can pass this value around wherever you like, store it, and check a candidate password against the hash that you saved. Treat your user's password as toxic waste: dispose of it as quickly as possible. You want to be in the password-storing business about as badly as you want to be in the toxic-waste-storage business.

(Answered from my iPhone; links forthcoming, or if someone wants to help me out! :))

+5
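
An added example, not part of the answer above or of any code on the original page, of what that answer recommends: keep only a salted one-way hash of the password and hand the browser a random, short-lived token that the server maps back to the user. It substitutes PBKDF2-SHA256 for the plain salted SHA256 mentioned in the answer; the class names, iteration count and in-memory store are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
// Added example; class and method names are hypothetical.
public static class PasswordHash
{
    // Salted, iterated one-way hash (PBKDF2-SHA256); the iteration count is an assumed value.
    public static byte[] Compute(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
    // Compare every byte so the check does not stop at the first difference.
    public static bool Verify(string password, byte[] salt, byte[] stored)
    {
        byte[] actual = Compute(password, salt);
        int diff = actual.Length ^ stored.Length;
        for (int i = 0; i < actual.Length && i < stored.Length; i++) diff |= actual[i] ^ stored[i];
        return diff == 0;
    }
}

public sealed class SessionTokens
{
    private readonly ConcurrentDictionary<string, Tuple<string, DateTime>> _live =
        new ConcurrentDictionary<string, Tuple<string, DateTime>>();
    private readonly TimeSpan _lifetime;
    public SessionTokens(TimeSpan lifetime) { _lifetime = lifetime; }

    // 256 random bits in URL-safe Base64; the token itself carries no user data.
    public string Issue(string userName)
    {
        var raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = Convert.ToBase64String(raw).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        _live[token] = Tuple.Create(userName, DateTime.UtcNow + _lifetime);
        return token;
    }

    // Returns false for unknown or expired tokens; expired entries are dropped.
    public bool TryResolve(string token, out string userName)
    {
        userName = null;
        Tuple<string, DateTime> entry;
        if (token == null || !_live.TryGetValue(token, out entry)) return false;
        if (entry.Item2 <= DateTime.UtcNow) { _live.TryRemove(token, out entry); return false; }
        userName = entry.Item1;
        return true;
    }
}
```

After `PasswordHash.Verify` succeeds at login, the page issues a token with `Issue` and the receiving page calls `TryResolve`, so neither the username nor the password appears in the request.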

It will not work the way you want, but yes, encryption is possible, as described below.

Encryption Page:

    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;
    using System.Web;

    // In the redirecting page's handler:
    string id1 = "id1";
    Response.Redirect("decryptionPage.aspx?id1=" + HttpUtility.UrlEncode(Encrypt(id1)));

    // Note: DES has a 56-bit key, and here the key and IV are hard-coded and reused,
    // so equal inputs give equal ciphertexts. CBC without a MAC gives no integrity protection.
    private string Encrypt(string stringToEncrypt)
    {
        byte[] inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt);
        byte[] rgbIV = { 0x21, 0x43, 0x56, 0x87, 0x10, 0xfd, 0xea, 0x1c };
        byte[] key = Encoding.UTF8.GetBytes("A0D1nX0Q");

        // Exceptions propagate instead of being returned as if they were ciphertext.
        using (var des = new DESCryptoServiceProvider())
        using (var ms = new MemoryStream())
        using (var cs = new CryptoStream(ms, des.CreateEncryptor(key, rgbIV), CryptoStreamMode.Write))
        {
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            return Convert.ToBase64String(ms.ToArray());
        }
    }

Decryption Page:

    // Same using directives as on the encryption page.
    // Request.QueryString already URL-decodes the value; decoding it a second time
    // would turn '+' in the Base64 text into a space and break FromBase64String.
    string getId1 = Convert.ToString(Request.QueryString["id1"]);
    var qs = Decrypt(getId1);

    private string Decrypt(string EncryptedText)
    {
        byte[] inputByteArray = Convert.FromBase64String(EncryptedText);
        byte[] rgbIV = { 0x21, 0x43, 0x56, 0x87, 0x10, 0xfd, 0xea, 0x1c };
        byte[] key = Encoding.UTF8.GetBytes("A0D1nX0Q");

        // Exceptions propagate instead of being returned as if they were plaintext.
        using (var des = new DESCryptoServiceProvider())
        using (var ms = new MemoryStream())
        using (var cs = new CryptoStream(ms, des.CreateDecryptor(key, rgbIV), CryptoStreamMode.Write))
        {
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            return Encoding.UTF8.GetString(ms.ToArray());
        }
    }

+7

Do you really want to do this? If you are worried about usernames and passwords, then there seems to be some value to the information or features that you provide. By passing them in URLs, you leave several attack surfaces wide open (not least replay attacks, where someone can impersonate your users).

What are you really trying to do, and why can't you use what is provided in ASP.NET?

+4

Why aren't you posting the values instead of using a query string? With SSL, at least no one will see the password, encrypted or otherwise. Extra passwords in the URL provide no security. This is like scattering the keys to your home throughout the area and hoping that no one will use them to open your home.

This is basically an erroneous premise. URLs are cached in different ways, so it makes sense not to put passwords in them.

However, you are not alone in placing passwords in the URL. Check this:

http://support.microsoft.com/kb/135975

+1

Source: https://habr.com/ru/post/1343825/
