The main idea of building a ASP.NET website is to provide security. Keeping this in mind i have written an encryption class where we can encrypt a particular url and hide the parameter value.
For ex : abc.aspx?id=2 will be encrypted to abc.aspx?id=[encrypted value].
Note:
To protect your site from errors or sql injections better pass the queries as stored procedures.
Here is the class for encryption :
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections.Specialized;
using System.Collections;
/// <summary>
/// Summary description for QueryStringEncDecryption
/// </summary>
public class QueryStringEncDecryption : NameValueCollection
{
private string document;
public string Document
{
get
{
return document;
}
}
public QueryStringEncDecryption()
{
//
// TODO: Add constructor logic here
//
}
public QueryStringEncDecryption(NameValueCollection clone)
: base(clone)
{
}
public static QueryStringEncDecryption FromCurrent()
{
return FromUrl(HttpContext.Current.Request.Url.AbsoluteUri);
}
public static QueryStringEncDecryption FromUrl(string url)
{
string[] parts = url.Split("?".ToCharArray());
QueryStringEncDecryption qs = new QueryStringEncDecryption();
qs.document = parts[0];
if (parts.Length == 1)
return qs;
string[] keys = parts[1].Split("&".ToCharArray());
foreach (string key in keys)
{
string[] part = key.Split("=".ToCharArray());
if (part.Length == 1)
qs.Add(part[0], "");
qs.Add(part[0], part[1]);
}
return qs;
}
public void ClearAllExcept(string except)
{
ClearAllExcept(new string[] { except });
}
public void ClearAllExcept(string[] except)
{
ArrayList toRemove = new ArrayList();
foreach (string s in this.AllKeys)
{
foreach (string e in except)
{
if (s.ToLower() == e.ToLower())
if (!toRemove.Contains(s))
toRemove.Add(s);
}
}
foreach (string s in toRemove)
this.Remove(s);
}
public override void Add(string name, string value)
{
if (this[name] != null)
this[name] = value;
else
base.Add(name, value);
}
public override string ToString()
{
return ToString(false);
}
public string ToString(bool includeUrl)
{
string[] parts = new string[this.Count];
string[] keys = this.AllKeys;
for (int i = 0; i < keys.Length; i++)
parts[i] = keys[i] + "=" + HttpContext.Current.Server.UrlEncode(this[keys[i]]);
string url = String.Join("&", parts);
if ((url != null || url != String.Empty) && !url.StartsWith("?"))
url = "?" + url;
if (includeUrl)
url = this.document + url;
return url;
}
}
This is just the prieview of the encryption class. We will also be having an other class for Encryption which i'm posting as an attachment. Using these two classes you can encrypt ur URL.