如何在asp.net中加密查询字符串值? [英] How to encrypt query string value in asp.net?
本文介绍了如何在asp.net中加密查询字符串值?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Hello dear
I have a login form where users enter their username and password, and they are then redirected to another page 2. The information of the logged in user is shown in the page 2. The problem is that the value of query string in url is shown as ID number which can be easily changed by the user. But I want the query string value should either not be changeable or should be encrypted.
Page1 login cod :
protected void ButtonpersonLogin_Click(object sender, EventArgs e)
{
string ErrorMessage = "";
string id, FullName = "";
try
{
if (TextPersonusername.Text == "".Trim() || TextPersonpassword.Text == "".Trim())
{
Label1.Visible = true;
Label1.Text = "Invalid username or password";
}
con.Open();
SqlCommand cmd = new SqlCommand("Sp_loginPerson", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Person_UserName", TextPersonusername.Text.Trim());
cmd.Parameters.AddWithValue("@Person_Password", TextPersonpassword.Text.Trim());
SqlDataReader dr;
dr = cmd.ExecuteReader();
dr.Read();
id = dr.GetValue(0).ToString();
FullName = dr.GetValue(1).ToString();
dr.Close();
con.Close();
HttpCookie c_id = new HttpCookie("id");
HttpCookie c_fullname = new HttpCookie("FullName");
c_id.Value = id;
c_fullname.Value = FullName;
Response.Cookies.Add(c_id);
Response.Cookies.Add(c_fullname);
if (id != " ")
{
Session["Person_TB"] = TextPersonusername;
Response.Redirect("~/ManagePersons.aspx?id=" + id);
}
}
catch (Exception eee)
{
ErrorMessage = eee.Message;
ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script>alert(‘" + ErrorMessage + "’)</script>");
}
Page 2 cod :
string strcmd = "Select Person_Name from Person_TB where Person_ID=@iid";
SqlCommand cmd = new SqlCommand(strcmd, con);
cmd.Parameters.Clear();
con.Open();
cmd.Parameters.AddWithValue("@iid", Request.QueryString["id"]);
SqlDataReader dr;
dr = cmd.ExecuteReader();
while (dr.Read())
{
LabelpersWelcom.Text = "Welcome Dear";
LabelWEduPerson.Text = dr["Person_Name"].ToString();
}
con.Close();//-----
推荐答案
加密查询字符串值并在重定向页面解密。
用于加密和解密请查看此链接。
http://www.aspsnippets.com/Articles/AES-Encryption-Decryption-Cryptography-Tutorial-with -example-in-ASPNet-using-C-and-VBNet.aspx [ ^ ]
也可以使用会话来存储细节。
encrypt query string values and decrypt in redirected page.
for encryption and decryption pls check this link.
http://www.aspsnippets.com/Articles/AES-Encryption-Decryption-Cryptography-Tutorial-with-example-in-ASPNet-using-C-and-VBNet.aspx[^]
also can use session to store details.
这篇关于如何在asp.net中加密查询字符串值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
