Encryption \ Decryption URL transfer parameters in the Web system.

Last Update:2017-02-28 Source: Internet

Author: User

Tags decrypt

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

web| Encryption | Decryption network Many people are asking how to implement Web System URL transfer (form submission) parameter encryption. For example: To do a user account editing, to pass the user's id,url as follows: http://localhost/mysystem/editAccounts.aspx?ID=2
But do not want to let others know that the user ID is 2, malicious users may also change 2 to another user ID.
The parameter values passed by encryption can solve the problem.
The following is the base class of DEC encryption and decryption that you wrote.

FileName: Security.CS

Using System;
Using System.Security.Cryptography;
Using System.IO;
Using System.Text;

Namespace EIP. Framework
{
///
A summary description of the security.
The security class implements encryption and decryption under the. NET Framework.
CopyRight kangsoft@hotmail.com@hotmail.com@hotmail.com
///
public class Security
{
String _querystringkey = "ABCDEFGH"; URL Transport parameter Encryption key
String _passwordkey = "HGFEDCBA"; Password encryption key

Public Security ()
{
//
TODO: Add constructor logic here
//
}

///
Encrypted string for URL transmission
///
///
///
public string encryptquerystring (string querystring)
{
Return Encrypt (Querystring,_querystringkey);
}

///
Decrypting a string transmitted by a URL
///
///
///
public string decryptquerystring (string querystring)
{
Return Decrypt (Querystring,_querystringkey);
}

///
Encrypt account password
///
///
///
public string Encryptpassword (string PassWord)
{
Return Encrypt (Password,_passwordkey);
}

///
Decrypt account password
///
///
///
public string Decryptpassword (string PassWord)
{
Return Decrypt (Password,_passwordkey);
}

///
DEC Encryption Process
///
///
///
///
public string Encrypt (String ptoencrypt,string sKey)
{
DESCryptoServiceProvider des = new DESCryptoServiceProvider (); Put the string in the byte array

byte[] Inputbytearray = Encoding.Default.GetBytes (Ptoencrypt);
Byte[] Inputbytearray=encoding.unicode.getbytes (ptoencrypt);

Des. Key = ASCIIEncoding.ASCII.GetBytes (SKey); Establish keys and offsets for encrypted objects
DES.IV = ASCIIEncoding.ASCII.GetBytes (SKey); GetBytes method of using Asciiencoding.ascii method in original text
MemoryStream ms = new MemoryStream (); Make input password must enter English text
CryptoStream cs = new CryptoStream (ms,des. CreateEncryptor (), cryptostreammode.write);

Cs. Write (Inputbytearray, 0, inputbytearray.length);
Cs. FlushFinalBlock ();

StringBuilder ret = new StringBuilder ();
foreach (Byte b in Ms.) ToArray ())
{
Ret. AppendFormat ("{0:x2}", b);
}
Ret. ToString ();
return ret. ToString ();
}

///
DEC decryption Process
///
///
///
///
public string Decrypt (string ptodecrypt, String SKey)
{
DESCryptoServiceProvider des = new DESCryptoServiceProvider ();

byte[] Inputbytearray = new BYTE[PTODECRYPT.LENGTH/2];
for (int x = 0; x < PTODECRYPT.LENGTH/2 + +)
{
int i = (Convert.ToInt32 (ptodecrypt.substring (x * 2, 2), 16));
INPUTBYTEARRAY[X] = (byte) i;
}

Des. Key = ASCIIEncoding.ASCII.GetBytes (SKey); Establishes the key and offset for the encrypted object, which is important and cannot be modified
DES.IV = ASCIIEncoding.ASCII.GetBytes (SKey);
MemoryStream ms = new MemoryStream ();
CryptoStream cs = new CryptoStream (MS, Des. CreateDecryptor (), cryptostreammode.write);

Cs. Write (Inputbytearray, 0, inputbytearray.length);
Cs. FlushFinalBlock ();

StringBuilder ret = new StringBuilder (); To create a Stringbuild object, Createdecrypt uses a stream object and must turn the decrypted text into a stream object

Return System.Text.Encoding.Default.GetString (Ms. ToArray ());
}

///
Check if the encrypted string is the same as the original
///
///
///
///
///
public bool Validatestring (string enstring, string fostring, int Mode)
{
Switch (Mode)
{
Default
Case 1:
if (Decrypt (enstring,_querystringkey) = = Fostring.tostring ())
{
return true;
}
Else
{
return false;
}
Case 2:
if (Decrypt (enstring,_passwordkey) = = Fostring.tostring ())
{
return true;
}
Else
{
return false;
}
}
}
}
}

A different key is used for the URL and account encryption in the class. The call URL encryption process is as follows:
Eip. Framework.security objsecurity = new EIP. Framework.security ();
Objsecurity.encryptquerystring (' Strings to be encrypted ');

Decryption: objsecurity.decryptquerystring (' passed parameters ');

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More