加密或使用.NET 3.5隐藏在查询字符串网站Asp.net [英] Encrypt Or Hide QueryString at Asp.net website using .net 3.5

问题描述

我有一个母版页，我需要隐藏或加密所有通过查询字符串在一个共同的地方价值观不改变很多code什么构建的现有asp.net网站。

I have an existing asp.net web site built with master pages and what I need to hide or encrypt all pass query strings values in a common place without changing a lot of code.

任何一个可以帮我这个请..还是有隐藏的另一个想法，而不是或加密>>？

Can any one help me with this please .. or is there another idea instead of hiding or encrypting >>?

感谢。

推荐答案

什么克里斯在他回答说是绝对正确的。我会接受的答案，如果它是合适的。

What Chris said in his answer is absolutely correct. I would accept that as the answer if it is suitable.

第一个问题是，你的需求的使用查询字符串，如果你是从用户隐藏呢？也许类似会话状态是更好地避免用户从曾经看到它摆在首位。

The first question is, do you need to use a query string if you are hiding it from the user? Perhaps something like Session State is better to avoid the user from ever seeing it in the first place.

不过，除非是 - 也许你有，你不能绕过一个要求，你绝对必须使用查询字符串来自己做。

However, barring that - perhaps you have a requirement that you can't work around and you absolutely have to do it yourself using the query string.

您可以加密查询字符串，你的情况我就这么你不使用 DPAPI 吨有担心麻烦之类的东西密钥管理。下面是一个例子用法：

You can encrypt the query string, in your case I would use DPAPI so you don't have to worry about troublesome things like key management. Here is an example usage:

    public static string Encrypt(string val)
    {
        var bytes = System.Text.Encoding.UTF8.GetBytes(val);
        var encBytes = System.Security.Cryptography.ProtectedData.Protect(bytes, new byte[0], System.Security.Cryptography.DataProtectionScope.LocalMachine);
        return Convert.ToBase64String(encBytes);
    }


    public static string Decrypt(string val)
    {
        var bytes = Convert.FromBase64String(val);
        var encBytes = System.Security.Cryptography.ProtectedData.Unprotect(bytes, new byte[0], System.Security.Cryptography.DataProtectionScope.LocalMachine);
        return System.Text.Encoding.UTF8.GetString(encBytes);
    }

您将不得不添加到 System.Security 程序集的引用，并导入命名空间 System.Security.Cryptography 。

You would have to add a reference to the System.Security assembly and import the namespace System.Security.Cryptography.

下面是关于如何在页面中使用它的一个例子：

Here's an example on how to use it in a page:

Response.Redirect("~/somepage.aspx?data=" + Server.UrlEncode(Encrypt("SomeSensitiveData")));

和解密：

var data = Decrypt(Request.QueryString["data"]);

您可以使用它来加密查询字符串值，如加密，并使用解密在页面上需要跨preT查询字符串。

You can use this to encrypt a query string value, such as Encrypt and use Decrypt on the page that needs to interpret the query string.

您除了可以在SSL使用;这是一个好主意。这还意味着，用户将不能够看到查询字符串值。

You can use this in addition to SSL; which is a good idea. This will also mean that the user won't be able to see the query string values.

有注意事项，使用DPAPI。其中之一是，它不与负载平衡发挥出色。你将不得不使用别的东西，或设置负载平衡器使用粘滞会话。另一种是，如果他们用书签加密查询字符串值的网页;你移动到另一台服务器，那么所有的书签都将包含服务器现在不能解密加密的查询字符串。

There are caveats to using DPAPI. One is that it doesn't play well with load balancers. You would have to use something else, or setup the load balancer to use a sticky session. Another is that if they bookmark a page with an encrypted query string value; and you moved to another server, then all of the bookmarks will contain encrypted query strings that the server cannot decrypt now.

如果在查询字符串必须是preserved（如书签），它是不是只是临时的使用，那么你就需要拿出一个共同的关键，​​保持安全的地方，和你自己做加密的东西，如AES。

If the query strings need to be preserved (such as for bookmarking), and it isn't for just "temporary" use, then you would need to come up with a common key, keep it somewhere safe, and do the encryption yourself with something like AES.

这篇关于加密或使用.NET 3.5隐藏在查询字符串网站Asp.net的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！