How to encrypt query strings in asp.net?

Question 1

How do I encrypt query strings in aspx.net?

P.S. I realize that this does not offer security. I'm just looking to obfuscate a puzzle.

P.P.S Though I marked CKret's answer as the correct one (for the question as worded I believe his is the most correct answer). However, for myself, I'm just going to try ChoasPandion's alternative to encryption. If I needed more security I'd look at CKret's or Ian's.

Question 2

Why wouldn't encrypting the querystring offer security, assuming that it was done properly?

Question 3

Luke, I should have instead said, I'm not looking for "security." I just wanted to avoid a lot of people being focused on security.

Question 4

Don't bother encrypting it. Just convert it to a base 64 string.

string encoded = Convert.ToBase64String(Encoding.Unicode.GetBytes(myQueryStringValue));

Question 5

Note that this solution doesn't offer security - only obfuscation. (Security by obscurity is not). However, in the OP's case it seems like he's mostly interested in obfuscation, rather than security, so this would probably be a good solution, as long as you UrlEncode to the returned string.

Question 6

That is why I posted this answer. If he really needs security this would be a poor answer.

Question 7

If you trying to hide your product Id's and things like that, then why not just use Encryption?

I guess what you want to do, is to stop people editing the query string to get different results. The simple way to do this, is to add a Hash of the query string to the query string, and have some base-page functionality check that the hash is correct for the request, identifing tampered query strings.

See Prevent query string manipulation by adding a hash?

Question 8

Hashing is different from encryption.

ChaosPandion 78.4k18 gold badges122 silver badges159 bronze badges · Answer 1 · 2009-09-29 14:32:00Z

2

Don't bother encrypting it. Just convert it to a base 64 string.

string encoded = Convert.ToBase64String(Encoding.Unicode.GetBytes(myQueryStringValue));

Share

Improve this answer

answered Sep 29, 2009 at 14:32

ChaosPandion's user avatar

ChaosPandion

78.4k18 gold badges122 silver badges159 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

Anderson Imes

Anderson Imes Over a year ago

Note that this solution doesn't offer security - only obfuscation. (Security by obscurity is not). However, in the OP's case it seems like he's mostly interested in obfuscation, rather than security, so this would probably be a good solution, as long as you UrlEncode to the returned string.

2009年09月29日T14:34:56.09Z+00:00

ChaosPandion

ChaosPandion Over a year ago

That is why I posted this answer. If he really needs security this would be a poor answer.

2009年09月29日T14:37:21.703Z+00:00

Dead account 20k13 gold badges54 silver badges82 bronze badges · Answer 2 · 2009-09-29 14:35:20Z

If you trying to hide your product Id's and things like that, then why not just use Encryption?

I guess what you want to do, is to stop people editing the query string to get different results. The simple way to do this, is to add a Hash of the query string to the query string, and have some base-page functionality check that the hash is correct for the request, identifing tampered query strings.

See Prevent query string manipulation by adding a hash?

CollectivesTM on Stack Overflow

How to encrypt query strings in asp.net?

2 Answers 2

2 Comments

1 Comment

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Linked

Hot Network Questions

CollectivesTM on Stack Overflow

2 Answers 2

2 Comments

1 Comment

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Linked

Related