shahab
Junior Contributor
I have used many querystrings in my web site now I want to secure them all.
Is it enough to secure all of them in this way:
Is it enough to secure all of them in this way:
is there any other aspect?Show Me Some Code Already!
Implementing a secure query string is simple, and works almost identically to any other NameValueCollection. The following code simply instantiates the SecureQueryString object and adds a couple of parameters to it.
// Create the queryString object
SecureQueryString qs = new SecureQueryString();
// Add name/value pairs.
qs["Name"] = "TSHAK";
qs["SSN"] = "000-00-0000";
Now lets generate a URL with your name/value pairs encrypted. To do this, we simply call the ToString() method:
string url = "DestPage.aspx?x=" + qs.ToString();
Youll see that I used the query string parameter x. You can name any parameter that you like, or not use a named parameter at all. I used the x for illustration purposes.
Now that weve generated the URL, we need a way to retrieve the values from the receiving page. Because the values are encrypted, we can no longer use the Request object to pull our values. Fortunately, as shown in the code snippet below, the process is very similar:
// Simply pass the encrypted string into the constructor
SecureQueryString qs = new SecureQueryString(Request["x"]);
// Now access the NameValueCollection
string Name = qs["Name"];
string SSN = qs["SSN"];
By Tim Shakarian
Originally Published:1/12/2004