1. 首頁
  2. 問答
  3. 如何在asp.net中加密查詢字符串?

如何在asp.net中加密查詢字符串?

2008-10-27 75 views

回答

6

這裏是一個辦法做到這一點在VB來源:http://www.devcity.net/Articles/47/1/encrypt_querystring.aspx

包裝的加密代碼:通過你的查詢字符串參數到這一點,並更改關鍵!

Private _key as string = "!#$a54?3" 
Public Function encryptQueryString(ByVal strQueryString As String) As String 
    Dim oES As New ExtractAndSerialize.Encryption64() 
    Return oES.Encrypt(strQueryString, _key) 
End Function 

Public Function decryptQueryString(ByVal strQueryString As String) As String 
    Dim oES As New ExtractAndSerialize.Encryption64() 
    Return oES.Decrypt(strQueryString, _key) 
End Function

加密代碼:

Imports System 
Imports System.IO 
Imports System.Xml 
Imports System.Text 
Imports System.Security.Cryptography 

Public Class Encryption64 
    Private key() As Byte = {} 
    Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF} 

    Public Function Decrypt(ByVal stringToDecrypt As String, _ 
     ByVal sEncryptionKey As String) As String 
     Dim inputByteArray(stringToDecrypt.Length) As Byte 
     Try 
      key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8)) 
      Dim des As New DESCryptoServiceProvider() 
      inputByteArray = Convert.FromBase64String(stringToDecrypt) 
      Dim ms As New MemoryStream() 
      Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), _ 
       CryptoStreamMode.Write) 
      cs.Write(inputByteArray, 0, inputByteArray.Length) 
      cs.FlushFinalBlock() 
      Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8 
      Return encoding.GetString(ms.ToArray()) 
     Catch e As Exception 
      Return e.Message 
     End Try 
    End Function 

    Public Function Encrypt(ByVal stringToEncrypt As String, _ 
     ByVal SEncryptionKey As String) As String 
     Try 
      key = System.Text.Encoding.UTF8.GetBytes(Left(SEncryptionKey, 8)) 
      Dim des As New DESCryptoServiceProvider() 
      Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes(_ 
       stringToEncrypt) 
      Dim ms As New MemoryStream() 
      Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), _ 
       CryptoStreamMode.Write) 
      cs.Write(inputByteArray, 0, inputByteArray.Length) 
      cs.FlushFinalBlock() 
      Return Convert.ToBase64String(ms.ToArray()) 
     Catch e As Exception 
      Return e.Message 
     End Try 
    End Function 

End Class

來源

2008-10-27 17:33:39

+1

這幾乎可行。我改變了這兩行: 返回Server.UrlEncode(enc64.Encrypt(qs,_key)) 和 返回Server.UrlDecode(enc64.Decrypt(qs,_key)) 並且不打擾Replace(「 ,「+」) – 2008-10-27 18:21:11

+0

此外,用法(哦,我希望如何編輯): 加密: Dim myQS = EncryptQueryString(「id = 12345&year = 2008」) Response.Redirect(String.Format(「Default.aspx ?q = {0}「,myQS)) Decrypting: Dim myQS As String = DecryptQueryString(Request.QueryString(」q「)) – 2008-10-27 18:32:12

0

我不能給你一個關鍵的解決方案,但是你應該避免使用TripleDES,因爲它是not as secure as other encryption methods

如果我這樣做,我只是把整個URL(域和查詢字符串)作爲URI object,與built-in .NET libraries的一個進行加密,並提供其作爲該crypt對象。當我需要解密它時,請執行此操作,然後創建一個新的URI對象,該對象可讓您將所有內容都從原始查詢字符串中取出。

來源

2008-10-27 17:28:08 swilliams

-1

爲什麼你想你的查詢字符串加密?如果數據很敏感,則應該使用SSL。如果您擔心有人在查看用戶的肩膀,請使用表單POST而不是GET。

我認爲很可能你的基本問題比加密查詢字符串有更好的解決方案。

來源

2008-10-27 17:39:35

0

下面是Brian上例中解密函數的一種花式版本,如果您只是將它用於QueryString,因爲它會返回NameValueCollection而不是字符串,您可以使用它。它還包含了一個小幅盤整布賴恩的例子將打破沒有

stringToDecrypt = stringToDecrypt.Replace(" ", "+")

如果有字符串中的任何「空間」字符解密:

Public Shared Function DecryptQueryString(ByVal stringToDecrypt As String, ByVal encryptionKey As String) As Collections.Specialized.NameValueCollection 
    Dim inputByteArray(stringToDecrypt.Length) As Byte 
    Try 
     Dim key() As Byte = System.Text.Encoding.UTF8.GetBytes(encryptionKey.Substring(0, encryptionKey.Length)) 
     Dim IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF} 
     Dim des As New DESCryptoServiceProvider() 
     stringToDecrypt = stringToDecrypt.Replace(" ", "+") 
     inputByteArray = Convert.FromBase64String(stringToDecrypt) 
     Dim ms As New MemoryStream() 
     Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write) 
     cs.Write(inputByteArray, 0, inputByteArray.Length) 
     cs.FlushFinalBlock() 
     Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8 
     Dim decryptedString As String = encoding.GetString(ms.ToArray()) 
     Dim nameVals() As String = decryptedString.Split(CChar("&")) 
     Dim queryString As New Collections.Specialized.NameValueCollection(nameVals.Length) 
     For Each nameValPair As String In nameVals 
      Dim pair() As String = nameValPair.Split(CChar("=")) 
      queryString.Add(pair(0), pair(1)) 
     Next 
     Return queryString 

    Catch e As Exception 
     Throw New Exception(e.Message) 
    End Try 
End Function

我希望你有所幫助!

來源

2008-10-27 17:59:10

0

我最初會同意Joseph Bui的觀點,理由是使用POST方法代替更高的處理器效率,web標準規定如果請求不改變服務器上的數據,GET方法應該是用過的。

這將是更多的代碼來加密數據比只使用POST。

來源

2008-10-27 18:07:08 smbarbour

相關問題

 相關問題