我如何可以加密在ASP.NET网站查询字符串参数？ [英] How can i encrypt query string parameters in ASP.NET website?

问题描述

在我的ASP.Net网站之一，我必须提供一个链接到所有查询字符串参数应该被加密的用户。

In one of my ASP.Net websites, I have to provide a link to the user in which all query string parameters should be encrypted.

我在想什么是使用命令aspnet_regiis的（如用于加密的web.config 数据），通过输出作为发布的网址内的查询字符串。

What I am thinking is to use the command "aspnet_regiis" (as used to encrypt web.config data), pass output as a query string inside published url.

当用户点击该链接，我先解密字符串，然后取原始数据的查询字符串。

When the user clicks that link, I first decrypt the string and then fetch the original data for the query string.

我的权利在做这个？有没有什么好的方法来加密和解密的查询字符串？

Am I right in doing this? Is there any good technique to encrypt and decrypt query strings?

推荐答案

在ASP.NET环境加密和解密字符串的一个好方法是使用FormsAuthentication.Encrypt方法

A good way of encrypting and decrypting string in the ASP.NET context is to use the FormsAuthentication.Encrypt Method

这似乎是只适用于饼干，但它运作良好，在其他情况下，再加上，你可以添加到期日期以及（或者DateTime.MaxValue如果不需要的话），这是一个示例code：

It seems to be only suited for cookie, but it works well in other context, plus, you can add an expiration date as well (or DateTime.MaxValue if it's not needed), this is a sample code:

public static string Encrypt(string content, DateTime expiration)
{
    return FormsAuthentication.Encrypt(new FormsAuthenticationTicket(1,
        HttpContext.Current.Request.UserHostAddress, // or something fixed if you don't want to stick with the user's IP Address
        DateTime.Now, expiration, false, content));
}

public static string Decrypt(string encryptedContent)
{
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encryptedContent);
    if (!ticket.Expired)
            return ticket.UserData;

    return null; // or throw...
}

这篇关于我如何可以加密在ASP.NET网站查询字符串参数？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！