How can I make a query string tamper-proof?

I need to use query strings in the URL, but I need to make sure that they were not faked. I found a solution that almost works, but the encoded strings are distorted by the service my application needs to use. Can anyone think of another solution?

EDIT: The solution I mention is not working for me, because the Base64-encoded string it creates contains "+". The service through which I pass this query string does not handle "+" correctly, and I cannot even URL-encode it as "%2B". I suppose I can replace it with "_". However, I was wondering if there was another solution entirely.

EDIT 2: To be more clear, the solution I am referring to works, but I was curious about alternative solutions.

+3
3 answers

You can encrypt your querystring value, pass it, and then just decrypt it to use it. Also check out these articles ... how-to-encrypt-query-string-parameters-in-asp-net

http://www.codeproject.com/KB/web-security/QueryStringEncryptionNET.aspx

+4
+2


    using System;
    using System.Security.Cryptography;
    using System.Text;
    using System.Web;

    public static class Utility
    {
        // Shared secret known only to the server; mixed into every digest.
        private const string secretKey = "%%YoUrSeCrEtKeY##";

        // Returns the URL-encoded digest to send along as the "Digest" parameter.
        public static string CreateTamperProofUrl(string pageUrl)
        {
            return HttpUtility.UrlEncode(CreateDigest(pageUrl.Trim()));
        }

        // Base64(MD5(secret + value + secret)).
        private static string CreateDigest(string pageUrl)
        {
            string urlToEncode = secretKey + pageUrl + secretKey;
            using (var hasher = new MD5CryptoServiceProvider())
            {
                byte[] hashedDataBytes = hasher.ComputeHash(Encoding.UTF8.GetBytes(urlToEncode));
                return Convert.ToBase64String(hashedDataBytes);
            }
        }

        // Recomputes the digest for the received value and compares it with the one from the URL.
        public static bool IsValidDigest(string pageUrl, string receivedDigest)
        {
            if (receivedDigest == null)
            {
                return false;
            }

            // Trim here as well so that signing and checking hash the same input.
            string expectedDigest = CreateDigest((pageUrl ?? string.Empty).Trim());
            return string.Equals(receivedDigest, expectedDigest, StringComparison.Ordinal);
        }
    }

    // Code-behind of the page that receives the request.
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            if (Request.QueryString["Digest"] != null)
            {
                // compare the digest
                string id = Request.QueryString["fid"];
                string digest = Request.QueryString["Digest"];

                if (Utility.IsValidDigest(id, digest))
                {
                    lblStatus.ForeColor = System.Drawing.Color.DarkGreen;
                    lblStatus.Text = "Valid digest received";
                }
                else
                {
                    lblStatus.ForeColor = System.Drawing.Color.Red;
                    lblStatus.Text = "Url is tampered!";
                }
            }
        }
    }
+2
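An alternative that avoids the "+" problem from the question, added here as an example and not taken from any of the answers: sign the value with HMAC-SHA256, emit the tag as URL-safe Base64, and compare tags in constant time. The class name `QuerySigner`, its methods, the key and the sample value `fid=42` are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: HMAC-SHA256 tag over a query-string value,
// encoded as Base64url so it never contains '+', '/' or '='.
public static class QuerySigner
{
    // Constructed sample key; load real key material from protected configuration.
    private static readonly byte[] Key =
        Encoding.UTF8.GetBytes("constructed-sample-key-change-me");

    public static string Sign(string value)
    {
        using (var hmac = new HMACSHA256(Key))
        {
            byte[] tag = hmac.ComputeHash(Encoding.UTF8.GetBytes(value ?? string.Empty));
            // Base64url: drop the padding and swap the two characters that break in URLs.
            return Convert.ToBase64String(tag).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }
    }

    public static bool Verify(string value, string receivedTag)
    {
        if (string.IsNullOrEmpty(receivedTag)) return false;
        byte[] expected = Encoding.ASCII.GetBytes(Sign(value));
        byte[] received = Encoding.ASCII.GetBytes(receivedTag);
        return FixedTimeEquals(expected, received);
    }

    // Looks at every byte so timing does not reveal where the first mismatch is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        string tag = Sign("fid=42");                     // constructed sample value
        Console.WriteLine("fid=42&Digest=" + tag);       // link as it would be sent
        Console.WriteLine(Verify("fid=42", tag));        // untouched value
        Console.WriteLine(Verify("fid=43", tag));        // value changed in transit
        Console.WriteLine(tag.IndexOfAny(new[] { '+', '/', '=' }) < 0);
    }
}
```

Signing the parameter name together with its value, as in `fid=42`, keeps a tag issued for one parameter from being reused on another.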

Source: https://habr.com/ru/post/1724589/

