Encrypt and Decrypt QueryString Parameter Values in ASPNet using C and VBNet

In this article I will explain how to encrypt QueryString Parameter values and pass it to another page and then decrypt the encrypted QueryString Parameter values in ASP.Net using C# and VB.Net.

The QueryString Parameter values will be first encrypted using AES Symmetric key (Same key) algorithm, encoded (as the encrypted output might contain some special characters) and then will be sent to next page. On the destination page the QueryString Parameter values will be first decoded and then decrypted using AES Algorithm using the same key that was used for encryption.

HTML Markup

Page 1

The following HTML Markup consists of a TextBox, a DropDownList and a Button. The value from the TextBox and the DropDownLists will be encrypted and send using QueryString Parameters to the next page on Button click.

<tr>

<td>

Name:

</td>

<td>

<asp:TextBox ID="txtName" runat="server" Text="Mudassar Khan" />

</td>

</tr>

<tr>

<td>

Technology:

</td>

<td>

<asp:DropDownList ID = "ddlTechnology" runat="server">

<asp:ListItem Text="ASP.Net" Value = "ASP.Net" />

<asp:ListItem Text="PHP" Value = "PHP" />

<asp:ListItem Text="JSP" Value = "JSP" />

</asp:DropDownList>

</td>

</tr>

</table>

<hr />

<asp:Button ID="Button1" Text="Submit" runat="server" OnClick = "Submit" />

Page 2

The following HTML Markup consists of two Label controls which will be used to display the QueryString Parameter values received on the page.

<tr>

<td>

Name:

</td>

<td>

<asp:Label ID="lblName" runat="server" Text="" />

</td>

</tr>

<tr>

<td>

Technology:

</td>

<td>

<asp:Label ID="lblTechnology" runat="server" Text="" />

</td>

</tr>

</table>

Namespaces

You will need to import the following namespaces.

using System.IO;

using System.Text;

using System.Security.Cryptography;

VB.Net

Imports System.IO

Imports System.Text

Imports System.Security.Cryptography

AES Algorithm Encryption and Decryption functions

Below are the functions for Encryption and Decryption which will be used for the Encrypting or Decrypting QueryString Parameter Values.

Note: The following functions have been explained in the article AES Encryption Decryption (Cryptography) Tutorial with example in ASP.Net using C# and VB.Net

Encrypting the QueryString Parameter Values

When the Button is clicked the following event handler is executed. Here the values of the TextBox and the DropDownList are first encrypted using the AES Symmetric Key Algorithm and then encoded using the UrlEncode method of the HttpUtility class. Finally these values are sent as QueryString Parameters to the next page.

Note: Here Encoding is required as the Encrypted string contains special characters and it is necessary to encode special characters before sending them as QueryString parameter.

protected void Submit(object sender, EventArgs e)

{

string name = HttpUtility.UrlEncode(Encrypt(txtName.Text.Trim()));

string technology = HttpUtility.UrlEncode(Encrypt(ddlTechnology.SelectedItem.Value));

Response.Redirect(string.Format("~/CS2.aspx?name={0}&technology={1}", name, technology));

}

private string Encrypt(string clearText)

{

string EncryptionKey = "MAKV2SPBNI99212";

byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);

using (Aes encryptor = Aes.Create())

{

Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });

encryptor.Key = pdb.GetBytes(32);

encryptor.IV = pdb.GetBytes(16);

using (MemoryStream ms = new MemoryStream())

{

using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))

{

cs.Write(clearBytes, 0, clearBytes.Length);

cs.Close();

}

clearText = Convert.ToBase64String(ms.ToArray());

}

return clearText;

}

VB.Net

Protected Sub Submit(sender As Object, e As EventArgs)

Dim name As String = HttpUtility.UrlEncode(Encrypt(txtName.Text.Trim()))

Dim technology As String = HttpUtility.UrlEncode(Encrypt(ddlTechnology.SelectedItem.Value))

Response.Redirect(String.Format("~/VB2.aspx?name={0}&technology={1}", name, technology))

End Sub

Private Function Encrypt(clearText As String) As String

Dim EncryptionKey As String = "MAKV2SPBNI99212"

Dim clearBytes As Byte() = Encoding.Unicode.GetBytes(clearText)

Using encryptor As Aes = Aes.Create()

Dim pdb As New Rfc2898DeriveBytes(EncryptionKey, New Byte() {&H49, &H76, &H61, &H6E, &H20, &H4D, _

&H65, &H64, &H76, &H65, &H64, &H65, _

&H76})

encryptor.Key = pdb.GetBytes(32)

encryptor.IV = pdb.GetBytes(16)

Using ms As New MemoryStream()

Using cs As New CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write)

cs.Write(clearBytes, 0, clearBytes.Length)

cs.Close()

End Using

clearText = Convert.ToBase64String(ms.ToArray())

End Using

Return clearText

End Function

Decrypting the QueryString Parameter Values

In the Page Load event of the page, the values of the TextBox and DropDownList sent from the previous page are first fetched from the QueryString Parameters and then are decoded using the UrlDecode method of the HttpUtility class.

After decoding the string is decrypted using the AES Symmetric Key Algorithm and then the decrypted values are displayed using Label controls.

protected void Page_Load(object sender, EventArgs e)

{

if (!this.IsPostBack)

{

lblName.Text = Decrypt(HttpUtility.UrlDecode(Request.QueryString["name"]));

lblTechnology.Text = Decrypt(HttpUtility.UrlDecode(Request.QueryString["technology"]));

}

private string Decrypt(string cipherText)

{

string EncryptionKey = "MAKV2SPBNI99212";

cipherText = cipherText.Replace(" ", "+");

byte[] cipherBytes = Convert.FromBase64String(cipherText);

using (Aes encryptor = Aes.Create())

{

Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });

encryptor.Key = pdb.GetBytes(32);

encryptor.IV = pdb.GetBytes(16);

using (MemoryStream ms = new MemoryStream())

{

using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))

{

cs.Write(cipherBytes, 0, cipherBytes.Length);

cs.Close();

}

cipherText = Encoding.Unicode.GetString(ms.ToArray());

}

return cipherText;

}

VB.Net

Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load

If Not Me.IsPostBack Then

lblName.Text = Decrypt(HttpUtility.UrlDecode(Request.QueryString("name")))

lblTechnology.Text = Decrypt(HttpUtility.UrlDecode(Request.QueryString("technology")))

End If

End Sub

Private Function Decrypt(cipherText As String) As String

Dim EncryptionKey As String = "MAKV2SPBNI99212"

cipherText = cipherText.Replace(" ", "+")

Dim cipherBytes As Byte() = Convert.FromBase64String(cipherText)

Using encryptor As Aes = Aes.Create()

Dim pdb As New Rfc2898DeriveBytes(EncryptionKey, New Byte() {&H49, &H76, &H61, &H6E, &H20, &H4D, _

&H65, &H64, &H76, &H65, &H64, &H65, _

&H76})

encryptor.Key = pdb.GetBytes(32)

encryptor.IV = pdb.GetBytes(16)

Using ms As New MemoryStream()

Using cs As New CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write)

cs.Write(cipherBytes, 0, cipherBytes.Length)

cs.Close()

End Using

cipherText = Encoding.Unicode.GetString(ms.ToArray())

End Using

Return cipherText

End Function

Encrypt and Decrypt QueryString Parameter Values in ASP.Net using C# and VB.Net

Demo

View Demo

Downloads

Download Code

Encrypt and Decrypt QueryString Parameter Values in ASP.Net using C# and VB.Net

Related

Ask Question

Company

Explore

Follow us

Contact Us