Encrypting URL

The main idea of building a ASP.NET website is to provide security. Keeping this in mind i have written an encryption class where we can encrypt  a particular url  and hide the parameter value.

For ex : abc.aspx?id=2  will be encrypted to abc.aspx?id=[encrypted value].

Note: 

To protect your site from errors or sql injections better pass the queries as stored procedures.

Here is the class for encryption :

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections.Specialized;

using System.Collections;
/// <summary>
/// Summary description for QueryStringEncDecryption
/// </summary>
public class QueryStringEncDecryption : NameValueCollection
{
    private string document;

    public string Document
    {
        get
        {
            return document;
        }
    }
 public QueryStringEncDecryption()
 {
  //
  // TODO: Add constructor logic here
  //
 }
    public QueryStringEncDecryption(NameValueCollection clone)
        : base(clone)

        {

        }
    public static QueryStringEncDecryption FromCurrent()
    {
        return FromUrl(HttpContext.Current.Request.Url.AbsoluteUri);
    }
    public static QueryStringEncDecryption FromUrl(string url)
    {

        string[] parts = url.Split("?".ToCharArray());

        QueryStringEncDecryption qs = new QueryStringEncDecryption();

        qs.document = parts[0];

 

        if (parts.Length == 1)

            return qs;

 

        string[] keys = parts[1].Split("&".ToCharArray());

        foreach (string key in keys)
        {

            string[] part = key.Split("=".ToCharArray());

            if (part.Length == 1)

                qs.Add(part[0], "");

            qs.Add(part[0], part[1]);

        }

 

        return qs;

    }

 

    public void ClearAllExcept(string except)
    {

        ClearAllExcept(new string[] { except });

    }

 

    public void ClearAllExcept(string[] except)
    {

        ArrayList toRemove = new ArrayList();

        foreach (string s in this.AllKeys)
        {

            foreach (string e in except)
            {

                if (s.ToLower() == e.ToLower())

                    if (!toRemove.Contains(s))

                        toRemove.Add(s);

            }

        }

 

        foreach (string s in toRemove)

            this.Remove(s);

    }

 

    public override void Add(string name, string value)
    {

        if (this[name] != null)

            this[name] = value;

        else

            base.Add(name, value);

    }

 

    public override string ToString()
    {

        return ToString(false);

    }

 

    public string ToString(bool includeUrl)
    {

        string[] parts = new string[this.Count];

        string[] keys = this.AllKeys;

        for (int i = 0; i < keys.Length; i++)

            parts[i] = keys[i] + "=" + HttpContext.Current.Server.UrlEncode(this[keys[i]]);

        string url = String.Join("&", parts);

        if ((url != null || url != String.Empty) && !url.StartsWith("?"))

            url = "?" + url;

        if (includeUrl)

            url = this.document + url;

        return url;

    }
}

This is just the prieview of the encryption class. We will also be having an other class for Encryption which i'm posting as an attachment. Using these two classes you can encrypt ur URL.

 

Attachment: Encrypt.zip
Published Wednesday, November 14, 2007 8:44 AM by ostwald
Filed under:

Comments

# re: Encrypting URL

Wednesday, November 14, 2007 8:30 AM by Kazi Manzur Rashid

Check it out.

# re: Encrypting URL

Wednesday, November 14, 2007 8:45 AM by Nawaf227

Nice work,

although your code looks clear, but it would be much better if you first explain your approach and then add more comments to the code.

Thanks

# re: Encrypting URL

Wednesday, November 14, 2007 10:57 AM by Glenn

Surya,

Nice coding, but I would have to advise against putting any kind of important information like that in the URL.  Even encrypted, it's not the best place for it.

# re: Encrypting URL

Sunday, December 09, 2007 11:18 PM by ostwald

Hey glenn,

I would advice the same.We must not send any information through url. I just wanted to clarify that even though we send the info , we must send it in a hackproof encrypted format.

# re: Encrypting URL

Monday, December 29, 2008 10:50 AM by nick_ourelm

www.message_ricoloracer.com

# re: Encrypting URL

Sunday, May 17, 2009 9:34 AM by nick_dronsi

www.message_acacvib.com

# re: Encrypting URL

Monday, March 22, 2010 10:09 AM by Mina

How are you. Art is science made clear. Help me! I find sites on the topic: Online brokerage service. I found only this - <a href="www.fleuve-charente.net/.../OnlineBrokerage">online brokerages</a>. This trading implies the rabies to this death, online brokerage. Time market is designated in clayton, online brokerage. Waiting for a reply :eek:, Mina from Congo.

Leave a Comment

(required) 
(required) 
(optional)
(required)