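#Region "Using"
Imports System.IO
Imports System.Web
Imports System.Text
Imports System.Security.Cryptography
#End Region

Namespace Technade.Web.Core.Application

    ''' <summary>
    ''' HTTP module that hides query strings behind a single encrypted, authenticated
    ''' "Technade=" parameter.
    ''' www.technade.com/2011/02/query-string-encryption-using-http.html
    ''' </summary>
    ''' <remarks>
    ''' Scope of the protection: the module conceals parameter names and values from
    ''' whoever sees the URL, and rejects tokens that were altered in transit. It is not
    ''' an authorization control. A plain-text query on a GET request is encrypted on the
    ''' client's behalf and a plain-text query on any other verb is passed through
    ''' unchanged, so every page must still validate and authorize the parameters it reads.
    '''
    ''' Token layout (URL-safe Base64 of): IV (16 bytes) | AES-256-CBC ciphertext |
    ''' HMAC-SHA256 over IV and ciphertext (32 bytes). Links issued in the earlier
    ''' unauthenticated format no longer decrypt and are answered with HTTP 400.
    ''' </remarks>
    Public Class EncryptDecrypt
        Implements IHttpModule

#Region "IHttpModule Members"

        ''' <summary>Releases module resources; this module holds none.</summary>
        Public Sub Dispose() Implements IHttpModule.Dispose
            ' Nothing to dispose
        End Sub

        ''' <summary>Subscribes the module to the application's BeginRequest event.</summary>
        ''' <param name="context">The application the module is attached to.</param>
        Public Sub Init(ByVal context As HttpApplication) Implements IHttpModule.Init
            AddHandler context.BeginRequest, New EventHandler(AddressOf context_BeginRequest)
        End Sub

#End Region

        Private Const PARAMETER_NAME As String = "Technade="

        ' NOTE(review): placeholder secret compiled into the assembly. Anyone who can read
        ' the binary or this listing can derive both keys below. Before deployment, replace
        ' it with a long random secret loaded from protected configuration.
        Private Const ENCRYPTION_KEY As String = "key"

        Private Const KEY_SIZE As Integer = 32      ' AES-256 key and HMAC key length in bytes
        Private Const BLOCK_SIZE As Integer = 16    ' AES block and IV length in bytes
        Private Const MAC_SIZE As Integer = 32      ' HMAC-SHA256 output length in bytes

        ' The work factor is paid once at type initialisation. It slows guessing of the
        ' secret but does not compensate for a short or guessable one.
        Private Const KDF_ITERATIONS As Integer = 20000

        ''' <summary>
        ''' Handles BeginRequest: decrypts an incoming "Technade=" token and rewrites the
        ''' request path, or encrypts a plain-text GET query and redirects to the result.
        ''' </summary>
        Private Sub context_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
            Dim context As HttpContext = HttpContext.Current
            Dim request As HttpRequest = context.Request

            If Not (request.Url.OriginalString.Contains("aspx") AndAlso request.RawUrl.Contains("?")) Then
                Return
            End If

            Dim query As String = ExtractQuery(request.RawUrl)
            Dim path As String = GetVirtualPath()

            If query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase) Then
                ' Strip the prefix by length. The prefix test is case-insensitive, so a
                ' case-sensitive Replace would leave "technade=" in place and would also
                ' remove later occurrences inside the token.
                Dim token As String = query.Substring(PARAMETER_NAME.Length)
                Dim decryptedQuery As String

                Try
                    decryptedQuery = Decrypt(token)
                Catch ex As Exception When TypeOf ex Is FormatException OrElse TypeOf ex Is CryptographicException
                    ' Malformed or tampered token: answer every such case with the same
                    ' 400 so the response does not reveal which check failed.
                    RejectRequest(context)
                    Return
                End Try

                context.RewritePath(path, String.Empty, decryptedQuery)
            ElseIf request.HttpMethod = "GET" Then
                ' Encrypt the query string and redirect to the encrypted URL.
                ' Remove if you don't want all query strings to be encrypted automatically.
                Dim encryptedQuery As String = Encrypt(query)
                context.Response.Redirect(path & encryptedQuery)
            End If
        End Sub

        ''' <summary>Ends the request with HTTP 400 without running the page.</summary>
        Private Shared Sub RejectRequest(ByVal context As HttpContext)
            context.Response.StatusCode = 400
            context.ApplicationInstance.CompleteRequest()
        End Sub

        ''' <summary>
        ''' Returns the last path segment of the current raw URL, without the query string.
        ''' </summary>
        ''' <returns>The text after the final "/" and before the "?" (if any).</returns>
        Private Shared Function GetVirtualPath() As String
            Dim rawUrl As String = HttpContext.Current.Request.RawUrl
            Dim queryStart As Integer = rawUrl.IndexOf("?"c)
            ' Guard the no-query case so Substring is never called with -1.
            Dim pathOnly As String = If(queryStart >= 0, rawUrl.Substring(0, queryStart), rawUrl)
            Return pathOnly.Substring(pathOnly.LastIndexOf("/"c) + 1)
        End Function

        ''' <summary>
        ''' Parses a URL and returns the query string.
        ''' </summary>
        ''' <param name="url">The URL to parse.</param>
        ''' <returns>
        ''' The text after the first question mark; the whole input when it has none.
        ''' </returns>
        Private Shared Function ExtractQuery(ByVal url As String) As String
            Dim index As Integer = url.IndexOf("?"c) + 1
            Return url.Substring(index)
        End Function

#Region "Encryption/decryption"

        ''' <summary>
        ''' Fixed application label used as the key-derivation salt. It only separates
        ''' these keys from other uses of the same secret; it adds no secrecy.
        ''' </summary>
        Private Shared ReadOnly SALT As Byte() = Encoding.ASCII.GetBytes("Technade.QueryString.v2")

        ' Independent keys for encryption and authentication, derived once per process.
        Private Shared ReadOnly CipherKey As Byte()
        Private Shared ReadOnly MacKey As Byte()

        Shared Sub New()
            Using kdf As New Rfc2898DeriveBytes(ENCRYPTION_KEY, SALT, KDF_ITERATIONS)
                CipherKey = kdf.GetBytes(KEY_SIZE)
                MacKey = kdf.GetBytes(KEY_SIZE)
            End Using
        End Sub

        ''' <summary>
        ''' Encrypts a string with AES-256-CBC under a fresh random IV and appends an
        ''' HMAC-SHA256 tag (encrypt-then-MAC).
        ''' </summary>
        ''' <param name="inputText">The string to encrypt.</param>
        ''' <returns>"?Technade=" followed by the URL-safe Base64 token.</returns>
        ''' <exception cref="ArgumentNullException">inputText is Nothing.</exception>
        Public Shared Function Encrypt(ByVal inputText As String) As String
            If inputText Is Nothing Then
                Throw New ArgumentNullException("inputText")
            End If

            Dim plainBytes As Byte() = Encoding.Unicode.GetBytes(inputText)
            Dim iv As Byte()
            Dim cipherBytes As Byte()

            Using cipher As Aes = Aes.Create()
                cipher.Mode = CipherMode.CBC
                cipher.Padding = PaddingMode.PKCS7
                ' A new IV per token keeps equal queries from producing equal tokens.
                cipher.GenerateIV()
                iv = cipher.IV

                Using encryptor As ICryptoTransform = cipher.CreateEncryptor(CipherKey, iv)
                    cipherBytes = encryptor.TransformFinalBlock(plainBytes, 0, plainBytes.Length)
                End Using
            End Using

            Dim macInputLength As Integer = iv.Length + cipherBytes.Length
            Dim payload As Byte() = New Byte(macInputLength + MAC_SIZE - 1) {}
            Buffer.BlockCopy(iv, 0, payload, 0, iv.Length)
            Buffer.BlockCopy(cipherBytes, 0, payload, iv.Length, cipherBytes.Length)

            Using mac As New HMACSHA256(MacKey)
                Dim tag As Byte() = mac.ComputeHash(payload, 0, macInputLength)
                Buffer.BlockCopy(tag, 0, payload, macInputLength, tag.Length)
            End Using

            Return "?" & PARAMETER_NAME & ToUrlToken(payload)
        End Function

        ''' <summary>
        ''' Verifies and decrypts a token produced by <see cref="Encrypt"/>.
        ''' </summary>
        ''' <param name="inputText">The token, without the "Technade=" prefix.</param>
        ''' <returns>The decrypted string.</returns>
        ''' <exception cref="ArgumentNullException">inputText is Nothing.</exception>
        ''' <exception cref="FormatException">The token is not valid Base64.</exception>
        ''' <exception cref="CryptographicException">
        ''' The token has an impossible length or its authentication tag does not match.
        ''' </exception>
        Public Shared Function Decrypt(ByVal inputText As String) As String
            If inputText Is Nothing Then
                Throw New ArgumentNullException("inputText")
            End If

            Dim payload As Byte() = FromUrlToken(inputText)
            Dim cipherLength As Integer = payload.Length - BLOCK_SIZE - MAC_SIZE

            ' PKCS7 always emits at least one block, and only whole blocks.
            If cipherLength < BLOCK_SIZE OrElse cipherLength Mod BLOCK_SIZE <> 0 Then
                Throw New CryptographicException("Invalid query token.")
            End If

            Dim macInputLength As Integer = BLOCK_SIZE + cipherLength

            ' Check the tag before any decryption so unauthenticated bytes never reach
            ' the padding check.
            Using mac As New HMACSHA256(MacKey)
                Dim expectedTag As Byte() = mac.ComputeHash(payload, 0, macInputLength)
                If Not TagMatches(expectedTag, payload, macInputLength) Then
                    Throw New CryptographicException("Invalid query token.")
                End If
            End Using

            Dim iv As Byte() = New Byte(BLOCK_SIZE - 1) {}
            Buffer.BlockCopy(payload, 0, iv, 0, BLOCK_SIZE)

            Using cipher As Aes = Aes.Create()
                cipher.Mode = CipherMode.CBC
                cipher.Padding = PaddingMode.PKCS7

                Using decryptor As ICryptoTransform = cipher.CreateDecryptor(CipherKey, iv)
                    ' TransformFinalBlock returns the complete plaintext in one call, so
                    ' nothing depends on how many bytes a single stream Read delivers.
                    Dim plainBytes As Byte() = decryptor.TransformFinalBlock(payload, BLOCK_SIZE, cipherLength)
                    Return Encoding.Unicode.GetString(plainBytes)
                End Using
            End Using
        End Function

        ''' <summary>
        ''' Compares a computed tag with the tag stored in a buffer without stopping at
        ''' the first differing byte.
        ''' </summary>
        Private Shared Function TagMatches(ByVal expected As Byte(), ByVal buffer As Byte(), ByVal offset As Integer) As Boolean
            Dim difference As Integer = 0
            For i As Integer = 0 To expected.Length - 1
                difference = difference Or (expected(i) Xor buffer(offset + i))
            Next
            Return difference = 0
        End Function

        ''' <summary>Encodes bytes as unpadded Base64 using the URL-safe alphabet.</summary>
        Private Shared Function ToUrlToken(ByVal data As Byte()) As String
            Return Convert.ToBase64String(data).TrimEnd("="c).Replace("+"c, "-"c).Replace("/"c, "_"c)
        End Function

        ''' <summary>Decodes a token written by <see cref="ToUrlToken"/>.</summary>
        ''' <exception cref="FormatException">The token is not valid Base64.</exception>
        Private Shared Function FromUrlToken(ByVal token As String) As Byte()
            Dim base64 As String = token.Replace("-"c, "+"c).Replace("_"c, "/"c)

            ' Restore the padding removed by ToUrlToken. A remainder of 1 cannot occur in
            ' valid Base64 and is left for FromBase64String to reject.
            Select Case base64.Length Mod 4
                Case 2
                    base64 &= "=="
                Case 3
                    base64 &= "="
            End Select

            Return Convert.FromBase64String(base64)
        End Function

#End Region

    End Class

End Namespace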
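<!-- Registers the module for the classic ASP.NET pipeline; this element belongs inside <system.web>.
     Under the IIS 7+ integrated pipeline, modules are registered under <system.webServer><modules> instead. -->
<httpModules>
  <add name="EncryptDecryptModule" type="Technade.Web.Core.Application.EncryptDecrypt"/>
</httpModules>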
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)