Encryptiondecryption URL transmission parameters in the web system.

xiaoxiao2021-03-06  62

Many people on the Internet are asking how to implement the web system URL transmission (form commit) parameter encryption. For example: To perform a user account editor, to pass the user's ID, URL is as follows: http://localhost/mysystem/editaccounts.aspx? Id = 2 But don't want others to know the user's ID 2, malicious user 2 may also be modified, change to another user ID. The parameter value of encrypted transmission can solve the problem. The following is the base class written by DEC encryption and decryption. File name: security.cs

Using system; useptography; using system.io; using system.text;

Namespace Eip.framework {///

/// security's summary description. /// Security class implements encryption and decryption under the .NET framework. /// Copyright Kangsoft @ Hotmail.com @ Hotmail.com ///

Public Class Security, PUBLIC CLASS Security

{

String _QueryStringKey = "abcdefgh"; // URL Transfer Parameter Encryption Key

String _passwordkey = "hgfedcba"; // Password encryption key

Public security () {// // Todo: Add constructor logic //} here

///

/// Encrypt the string of the URL transmission ///

///

///

Public String EncryptQueryString (String QueryString)

{

Return encrypt (querystring, _querystringkey);

}

///

/// Decrypt the string of the URL transmission ///

///

///

Public String DecryptQueryString (String QueryString)

{

Return Decrypt (QueryString, _QueryStringKey);

}

///

/// Encrypted account password ///

///

///

Public String Encryptpassword (String Password)

{

Return Encrypt (Password, _passwordKey);

}

///

/// Decrypt account password ///

///

///

Public String Decryptpassword (String Password)

{

Return Decrypt (Password, _passwordKey);

}

///

/// DEC encryption process ///

///

///

///

Public String Encrypt (String Ptoencrypt, String Skey)

{

DescryptoServiceProvider DES = New DescryptoServiceProvider (); // Put the string in the BYTE array

BYTE [] INPUTBYTEARRAY = Encoding.default.getbytes (ptoencrypt);

// Byte [] INPUTBYTEARRAY = Encoding.unicode.getBytes (PToEncrypt);

DES.key = asciiencoding.ascii.getbytes (SKEY); // Establish the key and offset of the encrypted object

DES.IV = asciiencoding.ascii.getbytes (SKEY); // art text using the getBytes method for the ASCIIENCoding.ascii method

MemoryStream ms = new memorystream (); // Make Enter the password must enter English text CRYPTOSTREAM CS = New CryptostReam (MS, DES.CREATEENCRYPTOR (), CRYPTOSTREAMMODE.WRITE);

CS.Write (InputByteArray, 0, InputByteaRray.Length);

cs.flushfinalblock ();

Stringbuilder Ret = new stringbuilder (); foreach (byte b in ms.toarray ()) {RET.APpendFormat ("{0: x2}", b);} ret.tostring (); return ret.toString ();}

///

/// DEC decryption process ////

///

///

///

Public String Decrypt (String Ptodecrypt, String SKey)

{

DescryptoServiceProvider des = New DescryptoServiceProvider ();

Byte [] InputByteArray = new byte [ptodecrypt.length / 2];

For (int x = 0; x

{

INT i = (Convert.Toint 32 (Ptodecrypt.Substring (x * 2, 2), 16);

INPUTBYTEARRAY [X] = (Byte) i;

}

DES.key = asciiencoding.ascii.getbytes (SKEY); // Establish the key and offset of the encryption object, this value is important, can not be modified

DES.IV = asciiencoding.ascii.getbytes (SKEY);

MemoryStream MS = New MemoryStream ();

CryptostReam Cs = New Cryptostream (MS, DES.CREATEDECRYPTOR (), CRYPTOSTREAMMODE.WRITE);

CS.Write (InputByteArray, 0, InputByteaRray.Length);

cs.flushfinalblock ();

StringBuilder Ret = new stringbuilder (); // Establishing a StringBuild object, CreateDecrypt uses stream objects, must turn the decrypted text into the flow object return system.text.Encoding.default.getstring (ms.toarray ());}

///

/// Check if the result of the encrypted string is the same as the original text.

///

///

///

///

Public Bool Validatestring (String Enstring, String Fostring, INT MODE)

{

Switch (Mode)

{

DEFAULT:

Case 1:

IF (Decrypt (EnString, _QueryStringKey) == Fostring.toString ())

{

Return True;

}

Else

{

Return False;

}

Case 2:

IF (Decrypt (EnString, _passwordKey) == Fostring.toString ())

{

Return True;

}

Else

{

Return False;

}

}

}

}

}

The URL and account encryption use different keys in the class. URL call encryption process is as follows: EIP.Framework.Security objSecurity = new EIP.Framework.Security (); decryption; objSecurity.EncryptQueryString ( '' to be encrypted string ''): (parameter '' is passed over) objSecurity.DecryptQueryString ;

Time: 2004-09-5

转载请注明原文地址:https://www.9cbs.com/read-119762.html

New Post(0)