2/12/2011

Query String Encryption using HTTP Module : ASP.NET Security

We often pass information between the pages of a web application in the query string. The query string, however, shows the end user exactly which parameters your page expects. If someone modifies the query string and passes the altered values to the page, it could become a potential security threat.

/technade.aspx/ID=123&Query=select

There are a lot of ways to encrypt a query string, but most of them encrypt only the values and leave the parameter names visible. If someone then tries different algorithms against those values, it could again lead to a security breach unless you have very good exception handling.

/technade.aspx/ID=s1kokkkh1kjn&Query=kjoiujooijoi

If you encrypt your query string, every time you want to access your values you have to decode them first. If you have already written some code, adapting it after the change can have a big impact. What if there were a way to show the user an encrypted query string while, for your code, everything stays the same?

What I mean is :

The user sees this

?Technade=VXzal017xHwKKPolDWQ

while your code sees

ID=123&Query=select and accesses it through Request.QueryString["ID"]...

How to encrypt your query string in ASP.NET with the help of an HTTP module?

Before we dive in, let me explain what an HTTP module is.

HTTP modules are one of a series of extensible objects that the ASP.NET runtime can initiate to process a request. They are filters that can pre- and post-process requests as they pass through the HTTP pipeline. Many of the services provided in ASP.NET are exposed as HTTP modules, especially the ones related to security.

So how do we use an HTTP module for encrypting and decrypting query strings?

Download the source code for the file here.

The source file in the above link contains the code for encryption and decryption of the query string.

How to use it?

  • Include the file in your project and change the namespace accordingly.
  • Once you have included the file in your project, add the following tag to the <system.web> section of your Web.config.

    <httpModules>
      <add name="EncryptDecryptModule" type="Technade.Web.Core.Application.EncryptDecrypt"/>
    </httpModules>
  • Make sure that the type in the above line is correct.

That's it. You are done. Now all the query strings in your application will be encrypted automatically. Sometimes you may want to enable or disable query string encryption manually. The source code in the file has a provision for enabling and disabling query string encryption.

You will find the following line in the source code.

// Encrypt the query string and redirects to the encrypted URL.
// Remove if you don't want all query strings to be encrypted automatically.

string encryptedQuery = Encrypt(query);

Remove the line and the query strings will no longer be encrypted automatically. Instead, you will have to call the encryption manually, as below, whenever you want it.

string querystring = EncryptDecrypt.Encrypt( "ID=123&query=select" );

Decryption, however, is automatic, because the code always checks for the encryption key that is placed before the query string. If the encryption key exists, the module decrypts the query string; otherwise it leaves it as it is. The file is documented to a good extent, so it should not be too difficult to understand how it works.
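As an added example (not the downloadable Technade source, and not the author's code), the module below shows one way to get the behaviour described above together with tamper detection: it seals the query string with `MachineKey.Protect`, which encrypts and authenticates it, and rewrites the path so pages still read `Request.QueryString["ID"]`. The class name `SealedQueryModule`, the `Seal` method, the purpose label and the 400 response are assumptions, and it requires .NET 4.5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Added example, not the Technade source; class, method and purpose names are hypothetical.
public class SealedQueryModule : IHttpModule
{
    private const string Marker = "Technade=";          // parameter name from the URL shown above
    private const string Purpose = "SealedQueryModule"; // assumed purpose label for MachineKey
    public void Init(HttpApplication app) { app.BeginRequest += OnBeginRequest; }
    public void Dispose() { }

    // Encrypts and authenticates the query, bound to the page path so a token
    // issued for one page is rejected on another.
    public static string Seal(string filePath, string query)
    {
        byte[] token = MachineKey.Protect(Encoding.UTF8.GetBytes(query), Purpose, filePath.ToLowerInvariant());
        return "?" + Marker + HttpServerUtility.UrlTokenEncode(token);
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string raw = ctx.Request.Url.Query;              // "" or "?name=value..."
        if (raw.Length < 2) return;
        string query = raw.Substring(1), path = ctx.Request.FilePath;
        if (!query.StartsWith(Marker, StringComparison.Ordinal))
        {
            if (ctx.Request.HttpMethod != "GET") return; // POSTs (postbacks) pass through untouched
            ctx.Response.Redirect(path + ctx.Request.PathInfo + Seal(path, query), false);
            ctx.ApplicationInstance.CompleteRequest();
            return;
        }
        try
        {
            byte[] token = HttpServerUtility.UrlTokenDecode(query.Substring(Marker.Length));
            if (token == null || token.Length == 0) throw new FormatException("bad token");
            byte[] plain = MachineKey.Unprotect(token, Purpose, path.ToLowerInvariant());
            // Pages keep reading Request.QueryString["ID"] exactly as before.
            ctx.RewritePath(path, ctx.Request.PathInfo, Encoding.UTF8.GetString(plain));
        }
        catch (FormatException) { Reject(ctx); }
        catch (CryptographicException) { Reject(ctx); }
    }
    private static void Reject(HttpContext ctx)
    {
        ctx.Response.StatusCode = 400;                   // modified or foreign token: fail closed
        ctx.ApplicationInstance.CompleteRequest();
    }
}
```

On a web farm every node needs the same `<machineKey>` configuration, otherwise a token sealed by one server is rejected by another.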


11 comments:

Works as designed but urls are exposed in asp:hyperlinks and asp:imagebutton etc.

I have changed the file as:

//namespace Technade.Web.Core.Application
//{
public class EncryptDecrypt : IHttpModule
{
---
---
---
}
//}

I have added the file in APP_CODE and have added the following line in web.config:

However this does not work.

Please help!

Did you use the encrypt and decrypt functions in your code?

Works for me! But this does not work when the postback event happens. Do you have an idea on how to solve this?

My code works fine on the local server, but when deployed to the server it doesn't show the encrypted value; rather, it displays the actual value. How can I solve this problem?

Could not load type ' Technade.Web.Core.Application.EncryptDecrypt'. (C:\Users\nk\CDSL\web.config line 73)
What mistake did I make?
my web.config is