In this article I will explain how to encrypt QueryString Parameter values and pass it to another page and then decrypt the encrypted QueryString Parameter values in ASP.Net using C# and VB.Net.
The QueryString Parameter values will be first encrypted using AES Symmetric key (Same key) algorithm, encoded (as the encrypted output might contain some special characters) and then will be sent to next page. On the destination page the QueryString Parameter values will be first decoded and then decrypted using AES Algorithm using the same key that was used for encryption.
 
HTML Markup
Page 1
The following HTML Markup consists of a TextBox, a DropDownList and a Button. The value from the TextBox and the DropDownLists will be encrypted and send using QueryString Parameters to the next page on Button click.
<table border="0" cellpadding="0" cellspacing="0">
    <tr>
        <td>
            Name:
        </td>
        <td>
            <asp:TextBox ID="txtName" runat="server" Text="Mudassar Khan" />
        </td>
    </tr>
    <tr>
        <td>
            Technology:
        </td>
        <td>
            <asp:DropDownList ID = "ddlTechnology" runat="server">
                <asp:ListItem Text="ASP.Net" Value = "ASP.Net" />
                <asp:ListItem Text="PHP" Value = "PHP" />
                <asp:ListItem Text="JSP" Value = "JSP" />
            </asp:DropDownList>
        </td>
    </tr>
</table>
<hr />
<asp:Button ID="Button1" Text="Submit" runat="server" OnClick = "Submit" />

 
Page 2
The following HTML Markup consists of two Label controls which will be used to display the QueryString Parameter values received on the page.
<table border="0" cellpadding="0" cellspacing="0">
    <tr>
        <td>
            Name:
        </td>
        <td>
            <asp:Label ID="lblName" runat="server" Text="" />
        </td>
    </tr>
    <tr>
        <td>
            Technology:
        </td>
        <td>
            <asp:Label ID="lblTechnology" runat="server" Text="" />
        </td>
    </tr>
</table>

 

 
Namespaces
You will need to import the following namespaces.
C#
using System.IO;
using System.Text;
using System.Security.Cryptography;
 
VB.Net
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography

 

 
AES Algorithm Encryption and Decryption functions
Below are the functions for Encryption and Decryption which will be used for the Encrypting or Decrypting QueryString Parameter Values.
Note: The following functions have been explained in the article AES Encryption Decryption (Cryptography) Tutorial with example in ASP.Net using C# and VB.Net

 

 
Encrypting the QueryString Parameter Values
When the Button is clicked the following event handler is executed. Here the values of the TextBox and the DropDownList are first encrypted using the AES Symmetric Key Algorithm and then encoded using the UrlEncode method of the HttpUtility class. Finally these values are sent as QueryString Parameters to the next page.
Note: Here Encoding is required as the Encrypted string contains special characters and it is necessary to encode special characters before sending them as QueryString parameter.
C#
protected void Submit(object sender, EventArgs e)
{
    string name = HttpUtility.UrlEncode(Encrypt(txtName.Text.Trim()));
    string technology = HttpUtility.UrlEncode(Encrypt(ddlTechnology.SelectedItem.Value));
    Response.Redirect(string.Format("~/CS2.aspx?name={0}&technology={1}", name, technology));
}
 
private string Encrypt(string clearText)
{
    string EncryptionKey = "MAKV2SPBNI99212";
    byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
    using (Aes encryptor = Aes.Create())
    {
        Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
            {
                cs.Write(clearBytes, 0, clearBytes.Length);
                cs.Close();
            }
            clearText = Convert.ToBase64String(ms.ToArray());
        }
    }
    return clearText;
}

 
VB.Net
Protected Sub Submit(sender As Object, e As EventArgs)
    Dim name As String = HttpUtility.UrlEncode(Encrypt(txtName.Text.Trim()))
    Dim technology As String = HttpUtility.UrlEncode(Encrypt(ddlTechnology.SelectedItem.Value))
    Response.Redirect(String.Format("~/VB2.aspx?name={0}&technology={1}", name, technology))
End Sub
 
Private Function Encrypt(clearText As String) As String
    Dim EncryptionKey As String = "MAKV2SPBNI99212"
    Dim clearBytes As Byte() = Encoding.Unicode.GetBytes(clearText)
    Using encryptor As Aes = Aes.Create()
        Dim pdb As New Rfc2898DeriveBytes(EncryptionKey, New Byte() {&H49, &H76, &H61, &H6E, &H20, &H4D, _
         &H65, &H64, &H76, &H65, &H64, &H65, _
         &H76})
        encryptor.Key = pdb.GetBytes(32)
        encryptor.IV = pdb.GetBytes(16)
        Using ms As New MemoryStream()
            Using cs As New CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write)
                cs.Write(clearBytes, 0, clearBytes.Length)
                cs.Close()
            End Using
            clearText = Convert.ToBase64String(ms.ToArray())
        End Using
    End Using
    Return clearText
End Function

 

 
Decrypting the QueryString Parameter Values
In the Page Load event of the page, the values of the TextBox and DropDownList sent from the previous page are first fetched from the QueryString Parameters and then are decoded using the UrlDecode method of the HttpUtility class.
After decoding the string is decrypted using the AES Symmetric Key Algorithm and then the decrypted values are displayed using Label controls.
C#
protected void Page_Load(object sender, EventArgs e)
{
    if (!this.IsPostBack)
    {
        lblName.Text = Decrypt(HttpUtility.UrlDecode(Request.QueryString["name"]));
        lblTechnology.Text = Decrypt(HttpUtility.UrlDecode(Request.QueryString["technology"]));
    }
}
 
private string Decrypt(string cipherText)
{
    string EncryptionKey = "MAKV2SPBNI99212";
    cipherText = cipherText.Replace(" ", "+");
    byte[] cipherBytes = Convert.FromBase64String(cipherText);
    using (Aes encryptor = Aes.Create())
    {
        Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
            {
                cs.Write(cipherBytes, 0, cipherBytes.Length);
                cs.Close();
            }
            cipherText = Encoding.Unicode.GetString(ms.ToArray());
        }
    }
    return cipherText;
}

 
VB.Net
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
    If Not Me.IsPostBack Then
        lblName.Text = Decrypt(HttpUtility.UrlDecode(Request.QueryString("name")))
        lblTechnology.Text = Decrypt(HttpUtility.UrlDecode(Request.QueryString("technology")))
    End If
End Sub
 
Private Function Decrypt(cipherText As String) As String
    Dim EncryptionKey As String = "MAKV2SPBNI99212"
    cipherText = cipherText.Replace(" ", "+")
    Dim cipherBytes As Byte() = Convert.FromBase64String(cipherText)
    Using encryptor As Aes = Aes.Create()
        Dim pdb As New Rfc2898DeriveBytes(EncryptionKey, New Byte() {&H49, &H76, &H61, &H6E, &H20, &H4D, _
         &H65, &H64, &H76, &H65, &H64, &H65, _
         &H76})
        encryptor.Key = pdb.GetBytes(32)
        encryptor.IV = pdb.GetBytes(16)
        Using ms As New MemoryStream()
            Using cs As New CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write)
                cs.Write(cipherBytes, 0, cipherBytes.Length)
                cs.Close()
            End Using
            cipherText = Encoding.Unicode.GetString(ms.ToArray())
        End Using
    End Using
    Return cipherText
End Function

 
Encrypt and Decrypt QueryString Parameter Values in ASP.Net using C# and VB.Net

Encrypt and Decrypt QueryString Parameter Values in ASP.Net using C# and VB.Net

 
Demo
 
Downloads