In this article I will explain, with an example, how to encrypt QueryString parameter values, send them to another page, and then decrypt them there in ASP.Net MVC.
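This article uses the AES algorithm from the System.Security.Cryptography namespace for encryption and decryption in ASP.Net MVC. Note that the sample uses ECB mode with a key hard-coded in the source: this hides the values from casual viewing, but identical values always produce identical ciphertext, and the receiving page cannot detect a QueryString value that has been modified or replaced.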
Model
The Model class consists of the following properties.
/// <summary>
/// View model carrying the two values that the form posts and that the
/// destination page displays.
/// </summary>
public class PersonModel
{
    /// <summary>
    /// The person's name as entered in the form's TextBox.
    /// </summary>
    public string Name { get; set; }

    /// <summary>
    /// The technology chosen in the form's DropDownList.
    /// </summary>
    public string Technology { get; set; }
}
Controllers
Source Controller
The Controller consists of following Action methods.
Action method for handling GET operation
Inside this Action method, simply the View is returned.
Action method for handling POST operation
This Action method gets called when Send button is clicked or when the Form is submitted.
Inside this Action method, the RedirectToAction method is called; the QueryString values are encrypted using the Encrypt method and passed to another page.
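/// <summary>
/// Source controller: shows the form and, on POST, redirects to the
/// PersonDetails controller with the posted values encrypted in the QueryString.
/// </summary>
public class HomeController : Controller
{
    // GET: Home
    /// <summary>Returns the View containing the form.</summary>
    public ActionResult Index()
    {
        return View();
    }

    /// <summary>
    /// Handles the form POST and redirects to PersonDetails/Index with the
    /// Name and Technology values encrypted.
    /// </summary>
    /// <param name="person">The model bound from the posted form fields.</param>
    /// <returns>A redirect result, or HTTP 400 when no model was bound.</returns>
    [HttpPost]
    public ActionResult Send(PersonModel person)
    {
        if (person == null)
        {
            return new HttpStatusCodeResult(400);
        }

        //Send Model object in QueryString to another Controller.
        return RedirectToAction("Index", "PersonDetails",
            new
            {
                Name = this.Encrypt(person.Name),
                Technology = this.Encrypt(person.Technology)
            });
    }

    /// <summary>
    /// Encrypts a string with AES and returns the ciphertext as Base64.
    /// </summary>
    /// <param name="plainText">
    /// The value to encrypt. A null value (for example a field that was not
    /// filled in) is treated as an empty string instead of throwing.
    /// </param>
    /// <returns>Base64 text of the AES ciphertext.</returns>
    private string Encrypt(string plainText)
    {
        // SECURITY NOTE(review): the key is hard-coded here and repeated in
        // PersonDetailsController, so it is exposed to anyone who can read the
        // source or the compiled assembly. Load it from protected configuration.
        //Secret Key (24 UTF-8 bytes, i.e. a 192-bit AES key).
        string secretKey = "$ASPcAwSNIgcPPEoTSa0ODw#";

        //Secret Bytes.
        byte[] secretBytes = Encoding.UTF8.GetBytes(secretKey);

        //Plain Text Bytes. Encoding.UTF8.GetBytes throws on null, so map null to "".
        byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText ?? string.Empty);

        //Encrypt with AES Algorithm using Secret Key.
        using (Aes aes = Aes.Create())
        {
            aes.Key = secretBytes;

            // SECURITY NOTE(review): ECB is deterministic (equal input gives equal
            // output) and the ciphertext carries no integrity check, so the
            // receiver cannot tell whether a value was altered or swapped.
            // The mode is kept only because PersonDetailsController.Decrypt expects
            // this exact format; change both sides together to an authenticated
            // scheme, e.g. AES-CBC with a random IV plus an HMAC over IV and
            // ciphertext, or MachineKey.Protect / MachineKey.Unprotect.
            aes.Mode = CipherMode.ECB;
            aes.Padding = PaddingMode.PKCS7;

            byte[] encryptedBytes = null;
            using (ICryptoTransform encryptor = aes.CreateEncryptor())
            {
                encryptedBytes = encryptor.TransformFinalBlock(plainTextBytes, 0, plainTextBytes.Length);
            }

            return Convert.ToBase64String(encryptedBytes);
        }
    }
}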
Destination Controller (PersonDetails)
The Controller consists of the following Action method.
Action method for handling GET operation
Inside this Action method, an object of PersonModel class is created and then the values of the Name and Technology will be set with decrypted values of QueryString Parameters extracted from the Request.QueryString collection.
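/// <summary>
/// Destination controller: reads the encrypted Name and Technology values from
/// the QueryString, decrypts them and displays them.
/// </summary>
public class PersonDetailsController : Controller
{
    // GET: PersonDetails
    /// <summary>
    /// Builds a PersonModel from the decrypted QueryString values.
    /// </summary>
    /// <returns>
    /// The View with the populated model, or HTTP 400 when a parameter is
    /// missing, is not valid Base64, or does not decrypt.
    /// </returns>
    public ActionResult Index()
    {
        // QueryString values come from the request URL and are untrusted:
        // they may be absent or may have been edited by the client.
        string encryptedName = Request.QueryString["Name"];
        string encryptedTechnology = Request.QueryString["Technology"];

        if (string.IsNullOrEmpty(encryptedName) || string.IsNullOrEmpty(encryptedTechnology))
        {
            return new HttpStatusCodeResult(400);
        }

        PersonModel person;
        try
        {
            person = new PersonModel
            {
                Name = this.Decrypt(encryptedName),
                Technology = this.Decrypt(encryptedTechnology),
            };
        }
        catch (FormatException)
        {
            // Convert.FromBase64String rejected the value.
            return new HttpStatusCodeResult(400);
        }
        catch (CryptographicException)
        {
            // Wrong length or bad padding: the value is not ciphertext
            // produced with this key.
            return new HttpStatusCodeResult(400);
        }

        return View(person);
    }

    /// <summary>
    /// Decrypts a Base64 AES ciphertext and returns the text as UTF-8.
    /// </summary>
    /// <param name="encryptedText">Base64 text of the ciphertext.</param>
    /// <returns>The decrypted string.</returns>
    /// <exception cref="FormatException">The input is not valid Base64.</exception>
    /// <exception cref="CryptographicException">The input cannot be decrypted.</exception>
    private string Decrypt(string encryptedText)
    {
        // SECURITY NOTE(review): the key is hard-coded here and repeated in
        // HomeController, so it is exposed to anyone who can read the source or
        // the compiled assembly. Load it from protected configuration.
        //Secret Key.
        string secretKey = "$ASPcAwSNIgcPPEoTSa0ODw#";

        //Secret Bytes.
        byte[] secretBytes = Encoding.UTF8.GetBytes(secretKey);

        //Encrypted Bytes.
        byte[] encryptedBytes = Convert.FromBase64String(encryptedText);

        //Decrypt with AES Algorithm using Secret Key.
        using (Aes aes = Aes.Create())
        {
            aes.Key = secretBytes;

            // SECURITY NOTE(review): ECB with no MAC means a successful decrypt
            // does not prove the value is the one the sender produced; treat the
            // result as untrusted input. The mode must match HomeController.Encrypt;
            // move both sides together to an authenticated scheme (AES-CBC with a
            // random IV plus HMAC, or MachineKey.Protect / MachineKey.Unprotect).
            aes.Mode = CipherMode.ECB;
            aes.Padding = PaddingMode.PKCS7;

            byte[] decryptedBytes = null;
            using (ICryptoTransform decryptor = aes.CreateDecryptor())
            {
                decryptedBytes = decryptor.TransformFinalBlock(encryptedBytes, 0, encryptedBytes.Length);
            }

            return Encoding.UTF8.GetString(decryptedBytes);
        }
    }
}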
Views
HTML Markup
The View consists of an HTML Form which has been created using the Html.BeginForm method with the following parameters.
ActionName – Name of the Action. In this case the name is Send.
ControllerName – Name of the Controller. In this case the name is Home.
FormMethod – It specifies the Form Method i.e. GET or POST. In this case it will be set to POST.
The Form consists of an HTML Table with one TextBox and one DropDownList created using Html.TextBoxFor and Html.DropDownListFor methods respectively.
The Form also contains a Submit button which, when clicked, submits the Form.
@model Encrypt_QueryString_MVC.Models.PersonModel
@{
    Layout = null;

    @* Options offered in the Technology DropDownList. *@
    var technologies = new List<SelectListItem>
    {
        new SelectListItem { Text = "ASP.Net", Value = "ASP.Net" },
        new SelectListItem { Text = "PHP", Value = "PHP" },
        new SelectListItem { Text = "JSP", Value = "JSP" }
    };
}
<!DOCTYPE html>
<html>
<head>
    <meta name="viewport" content="width=device-width" />
    <title>Index</title>
</head>
<body>
    @* Posts Name and Technology to the Send action of the Home controller. *@
    @using (Html.BeginForm("Send", "Home", FormMethod.Post))
    {
        <table border="0" cellpadding="0" cellspacing="0">
            <tr>
                <td>Name:</td>
                <td>
                    @Html.TextBoxFor(m => m.Name, "Mudassar Khan")
                </td>
            </tr>
            <tr>
                <td>Technology:</td>
                <td>
                    @Html.DropDownListFor(m => m.Technology, technologies)
                </td>
            </tr>
        </table>
        <hr />
        <input type="submit" value="Submit"/>
    }
</body>
</html>
Destination View (PersonModel)
Inside the View, in the very first line the PersonModel class is declared as Model for the View.
The View consists of an HTML Table which is used for displaying the detail of Person using the PersonModel class object.
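@model Encrypt_QueryString_MVC.Models.PersonModel
@{
    Layout = null;
}
<!DOCTYPE html>
<html>
<head>
    <meta name="viewport" content="width=device-width" />
    <title>Index</title>
</head>
<body>
    @* The model values originate from the request QueryString. They are written
       with the Razor @ expression, which HTML-encodes its output; do not switch
       these to Html.Raw. *@
    <table cellpadding="0" cellspacing="0">
        <tr>
            <td>Name: </td>
            <td>@Model.Name</td>
        </tr>
        <tr>
            <td>Technology: </td>
            <td>@Model.Technology</td>
        </tr>
    </table>
</body>
</html>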
Screenshot