Encryption \ Decryption URL transfer parameters in the Web system.

Source: Internet
Author: User
Tags decrypt
web| Encryption | Decryption network Many people are asking how to implement Web System URL transfer (form submission) parameter encryption. For example: To do a user account editing, to pass the user's id,url as follows: http://localhost/mysystem/editAccounts.aspx?ID=2
But do not want to let others know that the user ID is 2, malicious users may also change 2 to another user ID.
The parameter values passed by encryption can solve the problem.
The following is the base class of DEC encryption and decryption that you wrote.

FileName: Security.CS

Using System;
Using System.Security.Cryptography;
Using System.IO;
Using System.Text;

Namespace EIP. Framework
{
///
A summary description of the security.
The security class implements encryption and decryption under the. NET Framework.
CopyRight kangsoft@hotmail.com@hotmail.com@hotmail.com
///
public class Security
{
String _querystringkey = "ABCDEFGH"; URL Transport parameter Encryption key
String _passwordkey = "HGFEDCBA"; Password encryption key

Public Security ()
{
//
TODO: Add constructor logic here
//
}

///
Encrypted string for URL transmission
///
///
///
public string encryptquerystring (string querystring)
{
Return Encrypt (Querystring,_querystringkey);
}

///
Decrypting a string transmitted by a URL
///
///
///
public string decryptquerystring (string querystring)
{
Return Decrypt (Querystring,_querystringkey);
}

///
Encrypt account password
///
///
///
public string Encryptpassword (string PassWord)
{
Return Encrypt (Password,_passwordkey);
}

///
Decrypt account password
///
///
///
public string Decryptpassword (string PassWord)
{
Return Decrypt (Password,_passwordkey);
}

///
DEC Encryption Process
///
///
///
///
public string Encrypt (String ptoencrypt,string sKey)
{
DESCryptoServiceProvider des = new DESCryptoServiceProvider (); Put the string in the byte array

byte[] Inputbytearray = Encoding.Default.GetBytes (Ptoencrypt);
Byte[] Inputbytearray=encoding.unicode.getbytes (ptoencrypt);

Des. Key = ASCIIEncoding.ASCII.GetBytes (SKey); Establish keys and offsets for encrypted objects
DES.IV = ASCIIEncoding.ASCII.GetBytes (SKey); GetBytes method of using Asciiencoding.ascii method in original text
MemoryStream ms = new MemoryStream (); Make input password must enter English text
CryptoStream cs = new CryptoStream (ms,des. CreateEncryptor (), cryptostreammode.write);

Cs. Write (Inputbytearray, 0, inputbytearray.length);
Cs. FlushFinalBlock ();

StringBuilder ret = new StringBuilder ();
foreach (Byte b in Ms.) ToArray ())
{
Ret. AppendFormat ("{0:x2}", b);
}
Ret. ToString ();
return ret. ToString ();
}

///
DEC decryption Process
///
///
///
///
public string Decrypt (string ptodecrypt, String SKey)
{
DESCryptoServiceProvider des = new DESCryptoServiceProvider ();

byte[] Inputbytearray = new BYTE[PTODECRYPT.LENGTH/2];
for (int x = 0; x < PTODECRYPT.LENGTH/2 + +)
{
int i = (Convert.ToInt32 (ptodecrypt.substring (x * 2, 2), 16));
INPUTBYTEARRAY[X] = (byte) i;
}

Des. Key = ASCIIEncoding.ASCII.GetBytes (SKey); Establishes the key and offset for the encrypted object, which is important and cannot be modified
DES.IV = ASCIIEncoding.ASCII.GetBytes (SKey);
MemoryStream ms = new MemoryStream ();
CryptoStream cs = new CryptoStream (MS, Des. CreateDecryptor (), cryptostreammode.write);

Cs. Write (Inputbytearray, 0, inputbytearray.length);
Cs. FlushFinalBlock ();

StringBuilder ret = new StringBuilder (); To create a Stringbuild object, Createdecrypt uses a stream object and must turn the decrypted text into a stream object

Return System.Text.Encoding.Default.GetString (Ms. ToArray ());
}

///
Check if the encrypted string is the same as the original
///
///
///
///
///
public bool Validatestring (string enstring, string fostring, int Mode)
{
Switch (Mode)
{
Default
Case 1:
if (Decrypt (enstring,_querystringkey) = = Fostring.tostring ())
{
return true;
}
Else
{
return false;
}
Case 2:
if (Decrypt (enstring,_passwordkey) = = Fostring.tostring ())
{
return true;
}
Else
{
return false;
}
}
}
}
}

A different key is used for the URL and account encryption in the class. The call URL encryption process is as follows:
Eip. Framework.security objsecurity = new EIP. Framework.security ();
Objsecurity.encryptquerystring (' Strings to be encrypted ');

Decryption: objsecurity.decryptquerystring (' passed parameters ');



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.