0

I am facing a weird problem:

I am encrypting the contents of a cookie.

My code works fine when I run it in Visual Studio, but gives me a "Bad Request, HTTP Error 400. The request is badly formed." when I run it from the server.

Here is the class for encryption, EncryptCook.cs, which resides in app_code:

public class EncryptCook
{
public EncryptCook()
{
    //
    // TODO: Add constructor logic here
    //
}

public  string EncryptString(string data)
{
    try
    {
        string encryptString = "";
        if (data != "")
        {
            char a;
            int key = Convert.ToInt16(DateTime.Now.Day);
            int j = 0;

            for (int i = 0; i < data.Length; i++)
            {

                j = (int)data[i];
                j = j + key;
                a = (char)j;
                encryptString = encryptString + Convert.ToString(a);

            }
        }
        return encryptString;
    }
    catch
    {
        return "";
    }
}

public   string DeEncryptString(string data)
{
    try
    {
        string encryptString = "";
        if (data != "")
        {

            char a;
            int j = 0;
            int key = Convert.ToInt16(DateTime.Now.Day);
            for (int i = 0; i < data.Length; i++)
            {

                j = (int)data[i];
                j = j - key;
                a = (char)j;
                encryptString = encryptString + Convert.ToString(a);

            }
        }
        return encryptString;
    }
    catch
    {
        return "";
    }

}
}

Pretty simple: it takes a string, extracts the characters from it and replaces each character with another one. For example, given "a" and that today's date is 13, it will replace it with the 13th character after "a", i.e. "m".

Here is my login control:

protected void Button1_Click(object sender, EventArgs e)
{
    // code for retrieving user, which works fine
    EncryptCook cook = new EncryptCook();
    HttpCookie cookie = new HttpCookie("loginstatus");
    cookie["userid"] = cook.EncryptString(name);
    cookie["username"] = cook.EncryptString(doctor);
    cookie["email"] = cook.EncryptString(email);
    cookie["address"] = cook.EncryptString(address);
    Response.Cookies.Add(cookie);
}

Well, this code works fine on the local machine, but gives me a "Bad Request HTTP Error 400. The request is badly formed." error.

I think that it's because of the encoding, but I am not sure. For example, if it's the 20th today, then ~ + 20 will look like a box character.

Thanks

John Saunders
Searock
  • Try running it locally on your computer with IIS, instead of Visual Studio's development web server. You will probably have the same errors as your server then. – sisve May 13 '09 at 04:58

1 Answer

7

Please don't use home-brewed encryption. It can only end in embarrassment. And if you catch an exception, you should probably rethrow it or return null, not the empty string. The error is likely because your so-called encryption is creating byte sequences that are not valid in the current charset.

Matthew Flaschen
  • Thanks for your answer. But can you tell me what's the problem? I mean, it runs fine on my local machine but not on the server. – Searock May 13 '09 at 04:49
  • 2
    +1 I agree. You could use any other symmetric algorithm to both encrypt and decrypt data with the same private key (stored in web.config). Make sure you output valid data, you should use Base64 encoded strings for this. – sisve May 13 '09 at 04:57
  • 2
    Please see http://stackoverflow.com/questions/845623/whats-the-best-way-to-encrypt-short-strings-in-net for real symmetric encryption algorithms you can use in .NET. As Simon says (sorry), Base64 (e.g. http://msdn.microsoft.com/en-us/library/dhx0d524.aspx) can be used to correctly encode the encrypted data in the cookie. – Matthew Flaschen May 13 '09 at 05:30
  • I would suggest you URL-encode or Base64-encode your cipher text. Doing so will ensure that the resulting string is valid for the HTTP protocol. – John Wu Jun 16 '15 at 22:48