  • Category: JavaScript

    Encrypt value in Javascript & decrypt in serverside(C#)

    I am redirecting to the server side from the client side.
    I want to encrypt the query string passed from the client side and decrypt it on the server side.
  • #748527
    Hi,

    See the links below for encrypting the URL:

    http://security.stackexchange.com/questions/64338/is-server-side-access-control-sufficient-or-should-i-encrypt-querystrings

    http://aspforums.net/Threads/157206/Encrypt-value-in-Javascript-decrypt-in-serversideC/

    http://forums.asp.net/t/1772334.aspx?How+to+Encrypt+Decrypt+Parameter+passing+with+URL+in+javascript

    Thanks,
    Ashutosh Jha
    http://tricksroad.com

  • #748531
    Here, what you can do is encrypt the query string value using any encryption mechanism while generating the query string; similarly, once you get the URL on the server side, decrypt it using the same mechanism. You can use DESCryptoServiceProvider and CryptoStream to do this, as shown in the link below:

    codeproject.com/Articles/33350/Encrypting-Query-Strings

    Miss. Jain
    Microsoft Certified Technology Specialist in .Net

  • #748536
    Hello,

    To encrypt in JavaScript, use the following code:-
    ---------------------------------------------------
    <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js"></script>
    <script>
    var hash = CryptoJS.SHA1("Your_Query-String-Parameter");
    </script>
    ---------------------------------------------------

    In the above code, replace "Your_Query-String-Parameter" with your real query string parameter value, and then pass the variable "hash" in the query string as the parameter value converted to SHA1.

    At the server side, use the following code to decrypt the sha1 value passed by query string:-
    -------------------------
    using System.Web.Security; // FormsAuthentication

    public static bool ValidateQueryString(string password, string saltedHash) {
        // Extract hash and salt string (the salt is the last 24 characters)
        string saltString = saltedHash.Substring((saltedHash.Length - 24));
        string hash1 = saltedHash.Substring(0, (saltedHash.Length - 24));
        // Append the salt string to the password
        string saltedPassword = (password + saltString);
        // Hash the salted password
        string hash2 = FormsAuthentication.HashPasswordForStoringInConfigFile(saltedPassword, "SHA1");
        // Compare the hashes
        return (hash1.CompareTo(hash2) == 0);
    }

    -------------------------

    Now call the above function by the following code:-
    ---------------------------
    if (Class1.ValidateQueryString(supplied_queryString_parameter, to_check_queryString_parameter)) {

    }
    else {

    }
    ---------------------------

    In the above code, "supplied_queryString_parameter" is the SHA1 parameter value that arrives after being converted to SHA1 by the JavaScript, and "to_check_queryString_parameter" is the non-SHA1 parameter which you supply to check whether its value is the same as the SHA1 parameter ("supplied_queryString_parameter") value.

    --------------------------------
    Thanks,
    ARIJIT DAS.

  • #748591
    Try this sample code for Encrypting



    <%@ Import Namespace="System.Security.Cryptography" %>
    <%@ Import Namespace="System.Text" %>
    <script language="VB" runat="server">
    Sub DisplayEncryptedText(sender as Object, e as EventArgs)
        If Page.IsValid then
            Dim md5Hasher as New MD5CryptoServiceProvider()

            Dim hashedDataBytes as Byte()
            Dim encoder as New UTF8Encoding()

            hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text))

            ltlResults.Text = "<b>Encrypted Results</b><br /> The results are encrypted into " & _
                "an array of 16 bytes. These 16 bytes contain the values:<p><ul>"

            Dim b as Byte
            For Each b in hashedDataBytes
                ltlResults.Text &= "<li>" & b & "</li>"
            Next b

            ltlResults.Text &= "</ul>"
        End If
    End Sub
    </script>

    <form runat="server">
    Enter a string:
    <asp:TextBox id="txtPassword" runat="server" />
    <asp:RequiredFieldValidator runat="server" ControlToValidate="txtPassword"
    Display="Dynamic" ErrorMessage="<i>You must provide a value here...</i>" />
    <asp:RegularExpressionValidator runat="server" ControlToValidate="txtPassword"
    Display="Dynamic" ErrorMessage="<i>The string must be 20 characters or less...</i>"
    ValidationExpression="^.{1,20}$" />
    <br />
    <asp:Button runat="server" Text="View the String as Encrypted Text"
    OnClick="DisplayEncryptedText" />
    <p>
    <asp:Literal runat="server" id="ltlResults" />
    </form>

    Thanks & Regards
    Anil Kumar Pandey
    Microsoft MVP, DNS MVM

  • #748698
    Thanks All


    @Arijit Das: After I encrypt on the client side,
    I am trying to decrypt on the server side using the code below, but I am not able to decrypt.
    I don't require 'saltedHash', because no comparison is required.

    public static bool ValidateQueryString(string password)
    {
        string hash2 = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1");

        return true;
    }
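
Added example, not part of any post in this thread and not the posters' code: SHA-1 and MD5 are one-way digests, so a hashed value can only be recomputed and compared on the server, never recovered; getting the original value back requires a cipher. The Node.js code below contrasts the two, using AES-256-GCM so that a modified token is rejected. The function names, the token layout, the demo key and the sample value are constructed for illustration, and Node's built-in `crypto` stands in for both the browser and the C# side.

```javascript
const crypto = require('crypto');

// One-way digest: always 20 bytes (40 hex chars). There is nothing to "decrypt";
// the receiver can only hash a candidate value and compare.
function sha1Hex(value) {
  return crypto.createHash('sha1').update(value, 'utf8').digest('hex');
}

// Encrypt a query-string value with AES-256-GCM (key: 32 bytes).
// Token layout (assumed for this example): base64url(iv[12] || tag[16] || ciphertext)
function encryptParam(key, value) {
  const iv = crypto.randomBytes(12); // fresh nonce for every token
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the original value, or null if the token is malformed,
// was modified in transit, or was produced with a different key.
function decryptParam(key, token) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length < 28) return null; // too short to hold iv + tag
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null; // authentication tag did not verify
  }
}

// Constructed demo input.
const key = crypto.randomBytes(32);
const sample = 'orderId=1042&user=alice';
const token = encryptParam(key, sample);
console.log('sha1  :', sha1Hex(sample));          // fixed-length digest, not reversible
console.log('token :', token);                    // safe to place in a URL
console.log('plain :', decryptParam(key, token)); // original value recovered
```

A key shipped in page JavaScript can be read by whoever loads the page, so this hides the value from parties who only see the URL, not from the client itself; the server still has to authorise each request on its own.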

