tags:

views:

204

answers:

3
Q: 

Encrypt URL in asp.net

Hi All,

My site is in asp.net 3.5 and C#. I am sending link to my user through mail, now I want to send each user a specific URL. so instead of sending the clear text I want to send link with encrypted string URL, which I will decrypt on my home page. Like instead of www.mysite.aspx\mypage?userId=12 i'll send www.mysite.aspx\mypage?UserId=)@kasd12

and the same i'll decrypt on my page so that I'll get the userId = 12.

Please let me know if my approach is correct and not and how can I encrypt & decrypt the string in simplest and easier manner.

Thanks in advance.

+2  A: 

isn't it more appropiate to generate a temporary access key?

Tim Mahy  2010-05-29 16:38:51
@Tim: With > 50 reputation points, you should be able to post this kind of follow-up questions as comments to the question rather than as a void answer :)
Jørn Schou-Rode  2010-05-29 16:41:07
@Jørn I'd say that is a valid answer. The OP asks "Please let me know if my approach is correct"
Martin Smith  2010-05-29 16:43:32
this is an answer on "Please let me know if my approach is correct". Only I'm not saying he should use the more common approach of generating unique "hard-to-guess" access codes, I'm trying to let him think about wether this is what he really wants.... security through obscurity is always a bad thing btw :)
Tim Mahy  2010-05-29 16:45:03
+1  A: 

I'm pretty sure this code project page is what your after. Its basically a HttpModule that can be used to encrypt querystrings.

Zaps  2010-05-29 16:46:13
A: 

Generate a random string value instead of encryption/decryption :) And make it at least 6 or 7 characters long. Store the the value in the database and once the value is received through a query string, run a SQL query to do whatever for the corresponding row :)

Page_Load()

string x = Request.QueryString["UserID"];

SqlCommand x = new SqlCommand("UPDATE UserTable SET UserStatus='Activated' WHERE RandomKey='x'", connection);
Ranhiru Cooray  2010-05-29 17:45:00
Rather than a 6 or 7 character string, use a Guid.
Ben Robinson  2010-05-29 17:47:37
@Ben - I had the same bright idea only to discover that it wasn't so bright! http://stackoverflow.com/questions/643445/how-easily-can-you-guess-a-guid-that-might-be-generated
Martin Smith  2010-05-29 17:57:39
Just because guids are not crypto graphically secure does notmean they are not fit for this purpose. They are not suitable to use as a cryptograhpic key as they could as the data could be decrypted by generating millions of likely guids. This atack is not feasable in the context of a querystring key as you would have to make millions of http requests in a short period of time
Ben Robinson  2010-05-29 18:16:23

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps