8

How do I encrypt query strings in aspx.net?

P.S. I realize that this does not offer security. I'm just looking to obfuscate a puzzle.

P.P.S Though I marked CKret's answer as the correct one (for the question as worded I believe his is the most correct answer). However, for myself, I'm just going to try ChoasPandion's alternative to encryption. If I needed more security I'd look at CKret's or Ian's.

ThinkingStiff
  • 64,767
  • 30
  • 146
  • 239
user179700
  • 522
  • 4
  • 13
  • 1
    Why wouldn't encrypting the querystring offer security, assuming that it was done properly? – LukeH Sep 29 '09 at 14:26
  • 1
    Luke, I should have instead said, I'm not looking for "security." I just wanted to avoid a lot of people being focused on security. – user179700 Sep 29 '09 at 15:05

2 Answers2

2

Don't bother encrypting it. Just convert it to a base 64 string.

string encoded = Convert.ToBase64String(Encoding.Unicode.GetBytes(myQueryStringValue));
ChaosPandion
  • 77,506
  • 18
  • 119
  • 157
  • 2
    Note that this solution doesn't offer security - only obfuscation. (Security by obscurity is not). However, in the OP's case it seems like he's mostly interested in obfuscation, rather than security, so this would probably be a good solution, as long as you UrlEncode to the returned string. – Anderson Imes Sep 29 '09 at 14:34
  • 1
    That is why I posted this answer. If he really needs security this would be a poor answer. – ChaosPandion Sep 29 '09 at 14:37
1

If you trying to hide your product Id's and things like that, then why not just use Encryption?

I guess what you want to do, is to stop people editing the query string to get different results. The simple way to do this, is to add a Hash of the query string to the query string, and have some base-page functionality check that the hash is correct for the request, identifing tampered query strings.

See Prevent query string manipulation by adding a hash?

Community
  • 1
  • 1
Dead account
  • 19,587
  • 13
  • 52
  • 82