Encrypted QueryStrings in .NET
When ASP.NET first arrived in the development community a few years back, it was clear that one of the primary goals of the technology was to simplify front-end development patterns. Many of the troublesome kinks that made classic ASP development very cumbersome had been addressed and pre-built into ASP.NET, allowing the developer to focus on functionality rather than finding solutions to the limits of the technology.
One of these new patterns is now widely known as the post-back concept, whereby forms no longer post themselves to other pages, but rather post to themselves, containing all the form information through the new ASP.NET control objects. You no longer had to “receive” form posts and process the data.
There are certain situations, however, where posting or sending information to the same page that originated the data is just not an option. So there is still a need to use either querystrings, or post form data to another page. A good example is a page with overloaded functionality, where the querystring tells the page which “context” it should run in, so that it renders dynamic content based on the querystring.
Another example could be a page which renders a certain object from your database, such as a document, or an image. The querystring can tell the page which document to fetch and render the result on the page.
Whatever the situation may be, there are times when the querystring information should remain private, or at least inconspicuous. As you’re well aware, querystring data is by default clearly visible and readable to the naked eye. Taking the document example, a user could simply append documentid=number to the page URL and render any document they wish, possibly breaching security or permissions in your application.
In this tutorial we will explore a basic encryption/decryption pattern which will allow your querystring data to remain encoded and unreadable. Though not recommended for mission-critical enterprise applications, this basic pattern will alleviate the most common problems associated with unencrypted data.
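One way to keep a value such as documentid unreadable and tamper-evident in a querystring, added here as an illustration and not the tutorial's own code. It assumes .NET 6 or later, AES-CBC with an HMAC-SHA256 tag, and a hypothetical helper class QueryStringProtector with keys generated inline for the demo.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
public static class QueryStringProtector   // added example; hypothetical helper, not the tutorial's code
{
    const int IvLen = 16, MacLen = 32;     // AES block size, HMAC-SHA256 output size
    public static string Protect(string plain, byte[] encKey, byte[] macKey)
    {
        using var aes = Aes.Create();      // defaults: CBC mode, PKCS7 padding
        aes.Key = encKey;
        aes.GenerateIV();                  // fresh random IV for every token
        byte[] pt = Encoding.UTF8.GetBytes(plain);
        using var enc = aes.CreateEncryptor();
        byte[] body = aes.IV.Concat(enc.TransformFinalBlock(pt, 0, pt.Length)).ToArray();
        using var hmac = new HMACSHA256(macKey);
        // Token = IV || ciphertext || HMAC(IV || ciphertext), hex-encoded so it is URL-safe
        return Convert.ToHexString(body.Concat(hmac.ComputeHash(body)).ToArray());
    }

    // Returns null when the token is malformed or was modified after it was issued.
    public static string Unprotect(string token, byte[] encKey, byte[] macKey)
    {
        byte[] raw;
        try { raw = Convert.FromHexString(token); }
        catch (FormatException) { return null; }
        if (raw.Length < IvLen + 16 + MacLen) return null;
        byte[] body = raw.Take(raw.Length - MacLen).ToArray();
        using var hmac = new HMACSHA256(macKey);
        // Check the MAC in constant time before any decryption is attempted
        if (!CryptographicOperations.FixedTimeEquals(raw.Skip(body.Length).ToArray(), hmac.ComputeHash(body)))
            return null;
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.IV = body.Take(IvLen).ToArray();
        using var dec = aes.CreateDecryptor();
        return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, IvLen, body.Length - IvLen));
    }

    public static void Main()
    {
        byte[] encKey = RandomNumberGenerator.GetBytes(32), macKey = RandomNumberGenerator.GetBytes(32); // demo keys only
        string t = Protect("documentid=42", encKey, macKey);  // constructed sample value
        Console.WriteLine(Unprotect(t, encKey, macKey));
        string tampered = (t[0] == '0' ? "1" : "0") + t.Substring(1);   // alter one character
        Console.WriteLine(Unprotect(tampered, encKey, macKey) ?? "(rejected)");
    }
}
```

The page that receives the token still needs its own permission check on the decrypted document id; the token only keeps the value unreadable and rejects modified copies.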
Note: This tutorial requires Visual Studio .NET for compiling/debugging. If you are an advanced developer and know how to import assemblies and code for them in-line then you can easily use the assembly in any Dreamweaver aspx web form.
Tip: This tutorial is available in both VB.NET and C# format