C# 加密包含密钥的查询字符串
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9110561/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Encrypt Query String including keys
提问by formatc
I have an app that is using query string to pass some values around pages. I found few examples on how to encrypt values in query string, but the problem is that my KEYS tell more about query string then the values which are all integers converted to string.
我有一个应用程序使用查询字符串在页面周围传递一些值。我发现了一些关于如何加密查询字符串中的值的例子,但问题是我的 KEYS 告诉了更多关于查询字符串的信息,然后是所有转换为字符串的整数的值。
Is there a way to encrypt the whole query string in ASP.NET including keys and key values?
有没有办法在 ASP.NET 中加密整个查询字符串,包括键和键值?
Something like:
就像是:
Default.aspx?value1=40&value2=30&value3=20
to
到
Default.aspx?56sdf78fgh90sdf4564k34klog5646l
Thanks!
谢谢!
采纳答案by Aristos
There are many examples on web.
网上有很多例子。
some of them:
他们中的一些:
How can I encrypt a querystring in asp.net?
how to pass encrypted query string in asp.net
http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings
http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings
http://www.keyvan.ms/how-to-encrypt-query-string-parameters-in-asp-net
http://www.keyvan.ms/how-to-encrypt-query-string-parameters-in-asp-net
http://forums.asp.net/t/989552.aspx/1
http://forums.asp.net/t/989552.aspx/1
Now you say that you do like to encrypt the keys also, actually what you have to do is to encrypt them all url line, and then you just read the RawUrl what after the ? and decrypt it.
现在你说你也喜欢加密密钥,实际上你要做的就是加密它们所有的 url 行,然后你只需阅读 RawUrl 之后的内容是什么?并解密它。
回答by Eric Kauffman
There is one issue that many of the references above overlook, and that is just prior to returning the encrypted string, URL Encode (see below right before the string is returned). I am using IIS 7.5, and it will automatically "Decode" the string for you, so the decryption "should" be OK. Both the Encrypt and Decrypt code is shown below.
上面的许多参考资料都忽略了一个问题,那就是在返回加密字符串之前,即 URL 编码(在返回字符串之前,请参见下文)。我使用的是 IIS 7.5,它会自动为您“解码”字符串,因此解密“应该”没问题。加密和解密代码如下所示。
public string EncryptQueryString(string inputText, string key, string salt)
{
byte[] plainText = Encoding.UTF8.GetBytes(inputText);
using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
{
PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));
using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
{
using (MemoryStream memoryStream = new MemoryStream())
{
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(plainText, 0, plainText.Length);
cryptoStream.FlushFinalBlock();
string base64 = Convert.ToBase64String(memoryStream.ToArray());
// Generate a string that won't get screwed up when passed as a query string.
string urlEncoded = HttpUtility.UrlEncode(base64);
return urlEncoded;
}
}
}
}
}
public string DecryptQueryString(string inputText, string key, string salt)
{
byte[] encryptedData = Convert.FromBase64String(inputText);
PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));
using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
{
using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
{
using (MemoryStream memoryStream = new MemoryStream(encryptedData))
{
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
byte[] plainText = new byte[encryptedData.Length];
cryptoStream.Read(plainText, 0, plainText.Length);
string utf8 = Encoding.UTF8.GetString(plainText);
return utf8;
}
}
}
}
}
