I did the query string encryption of my project using the example provided here.
When I run the project locally it works fine:
But when I publish it to my server, the encryption simply doesn't work.
The application on the server is running on Windows Server 2008 R2 and IIS 7.
Maybe there is something I must change on IIS? I have no clue.
Anyone?
Thank you.
EDIT:
Here is the code of the QueryStringModule class:
Imports System
Imports System.IO
Imports System.Web
Imports System.Text
Imports System.Security.Cryptography
''' <summary>
''' Summary description for QueryStringModule
''' </summary>
Public Class QueryStringModule
Implements IHttpModule
#Region "IHttpModule Members"
Sub Init(context As HttpApplication) Implements System.Web.IHttpModule.Init
AddHandler context.BeginRequest, AddressOf context_BeginRequest
End Sub
Sub Dispose() Implements System.Web.IHttpModule.Dispose
' Nothing to dispose
End Sub
#End Region
Private Const PARAMETER_NAME As String = "enc="
Private Const ENCRYPTION_KEY As String = "key"
Private Sub context_BeginRequest(sender As Object, e As EventArgs)
Dim context As HttpContext = HttpContext.Current
If context.Request.Url.OriginalString.Contains("aspx") AndAlso context.Request.RawUrl.Contains("?") Then
Dim query As String = ExtractQuery(context.Request.RawUrl)
Dim path As String = GetVirtualPath()
If query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase) Then
' Decrypts the query string and rewrites the path.
Dim rawQuery As String = query.Replace(PARAMETER_NAME, String.Empty)
Dim decryptedQuery As String = Decrypt(rawQuery)
context.RewritePath(path, String.Empty, decryptedQuery)
ElseIf context.Request.HttpMethod = "GET" Then
' Encrypt the query string and redirects to the encrypted URL.
' Remove if you don't want all query strings to be encrypted automatically.
Dim encryptedQuery As String = Encrypt(query)
context.Response.Redirect(path + encryptedQuery)
End If
End If
End Sub
''' <summary>
''' Parses the current URL and extracts the virtual path without query string.
''' </summary>
''' <returns>The virtual path of the current URL.</returns>
Private Shared Function GetVirtualPath() As String
Dim path As String = HttpContext.Current.Request.RawUrl
path = path.Substring(0, path.IndexOf("?"))
path = path.Substring(path.LastIndexOf("/") + 1)
Return path
End Function
''' <summary>
''' Parses a URL and returns the query string.
''' </summary>
''' <param name="url">The URL to parse.</param>
''' <returns>The query string without the question mark.</returns>
Private Shared Function ExtractQuery(url As String) As String
Dim index As Integer = url.IndexOf("?") + 1
Return url.Substring(index)
End Function
#Region "Encryption/decryption"
''' <summary>
''' The salt value used to strengthen the encryption.
''' </summary>
Private Shared ReadOnly SALT As Byte() = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString())
''' <summary>
''' Encrypts any string using the Rijndael algorithm.
''' </summary>
''' <param name="inputText">The string to encrypt.</param>
''' <returns>A Base64 encrypted string.</returns>
Public Shared Function Encrypt(inputText As String) As String
Dim rijndaelCipher As New RijndaelManaged()
Dim plainText As Byte() = Encoding.Unicode.GetBytes(inputText)
Dim SecretKey As New PasswordDeriveBytes(ENCRYPTION_KEY, SALT)
Using encryptor As ICryptoTransform = rijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16))
Using memoryStream As New MemoryStream()
Using cryptoStream As New CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)
cryptoStream.Write(plainText, 0, plainText.Length)
cryptoStream.FlushFinalBlock()
Return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray())
End Using
End Using
End Using
End Function
''' <summary>
''' Decrypts a previously encrypted string.
''' </summary>
''' <param name="inputText">The encrypted string to decrypt.</param>
''' <returns>A decrypted string.</returns>
Public Shared Function Decrypt(inputText As String) As String
Dim rijndaelCipher As New RijndaelManaged()
Dim encryptedData As Byte() = Convert.FromBase64String(inputText)
Dim secretKey As New PasswordDeriveBytes(ENCRYPTION_KEY, SALT)
Using decryptor As ICryptoTransform = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16))
Using memoryStream As New MemoryStream(encryptedData)
Using cryptoStream As New CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)
Dim plainText As Byte() = New Byte(encryptedData.Length - 1) {}
Dim decryptedCount As Integer = cryptoStream.Read(plainText, 0, plainText.Length)
Return Encoding.Unicode.GetString(plainText, 0, decryptedCount)
End Using
End Using
End Using
End Function
#End Region
End Class
Yes it's a ISS configuration issue.
The web.config for ISS 5 or 6 should contain a <httpModules> tag as is described on madskristensen.net.
<system.web>
<httpModules>
<add type="QueryStringModule" name="QueryStringModule"/>
</httpModules>
</system.web>
If your web application is running on IIS 7 then the setting should be in:
<system.webServer>
<modules>
<add type="QueryStringModule" name="QueryStringModule"/>
</modules>
</system.webServer>
This solution is also described here.
I just found a solution:
1-Open IIS on the server;
2-Select the desired web site;
3-Select Modules;
4-Right click then "Add managed modules";
5-Give a name to it and then find the module you you want to add in the dropdownlist;
6-Reset IIS.
Related
I upgraded my web app from .Net 4.0 to .Net 4.5.2 and have an error that I cannot find a solution to. It is during any interface with Azure Blob Storage. I removed all NuGet Packages and added them again under 4.5.2. The error message is:
Error BC30456 'CreateCloudBlobClient' is not a member of 'CloudStorageAccount'.
Imports:
Imports Microsoft.WindowsAzure
Imports Microsoft.WindowsAzure.Storage.Blob
Imports System.IO
Imports System.Data.SqlClient
Code:
Private _Account As CloudStorageAccount
Private _ImageContainerName As String = ""
Private _ConnectionString As String = ""
Public Sub New(storageEndpoint As String, imageContainerName As String, Optional ByVal connStr As String = "")
_Account = CloudStorageAccount.Parse(storageEndpoint)
_ImageContainerName = imageContainerName
_ConnectionString = connStr
End Sub
Public ReadOnly Property Account As CloudStorageAccount
Get
Return _Account
End Get
End Property
Public ReadOnly Property ImageContainerName As String
Get
Return _ImageContainerName
End Get
End Property
Public Function GetImageFromStore(ByVal imageKey As String) As IO.Stream
Dim blobStorage As CloudBlobClient = _Account.CreateCloudBlobClient
Dim container As CloudBlobContainer = blobStorage.GetContainerReference(Me.ImageContainerName)
If Not container.Exists Then
container.CreateIfNotExists()
container.SetPermissions(New BlobContainerPermissions With {.PublicAccess = BlobContainerPublicAccessType.Off})
End If
Dim blob As CloudBlockBlob = container.GetBlockBlobReference(imageKey)
Dim stream As New MemoryStream()
'Added 11/21/2012 because the pages were erroring out when the image wasn't found in the blob.
If blob.Exists Then
blob.DownloadToStream(stream)
stream.Position = 0
End If
Return stream
End Function
Error is on this line:
DIm blobStorage As CloudBlobClient = _Account.CreateCloudBlobClient
I tested .Net 4.5.2 with WindowsAzure.Storage V8.3.0. All worked fine. After compare your code with mine, I found that you missed one import statement as following.
Imports Microsoft.WindowsAzure.Storage
I am totally lost. I build a Universal App (VB.net) which is consuming a web service on my (Azure Website Vb.net).
My Universal APP (UA) is sending userdata (Username an EmployeeNR) to a webservice and the Webservice is checking that data.
With TripleDES I encrypted the EmployeeNr and Username in the Universal and send it to the WebService. Now i am struggling how to decrypt the TripleDES on my WebService.
In the Universal App I work with Windows.Security.Cryptography which is not available on the Webservice site (asp.net).
I can only use System.Security.Cryptography.
I can encrypt and decrypt on Windows App site.
I also can encrpyt and decrypt on the Web Service site.
But if I pass an encrypted String form Win App to Web Service. Decryption is not working.
Problem is: On both sides, I use the same STRING, same Key and TripleDES encryption, but the result is different.
MY Encryption side - Windows Universal APP
Function myencrptor(ByVal Plaintext As String, ByVal mykey As String) As String
Dim crypt As SymmetricKeyAlgorithmProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.TripleDesCbcPkcs7)
Dim PlainTextbuffer As IBuffer = CryptographicBuffer.ConvertStringToBinary(Plaintext, BinaryStringEncoding.Utf8)
Dim mykeybuffer As IBuffer = CryptographicBuffer.ConvertStringToBinary(mykey, BinaryStringEncoding.Utf8)
Dim magickey As CryptographicKey = crypt.CreateSymmetricKey(mykeybuffer)
Dim signed As IBuffer = CryptographicEngine.Encrypt(magickey, PlainTextbuffer, Nothing)
Dim verschlüsselt As String = CryptographicBuffer.EncodeToBase64String(signed)
Return verschlüsselt
End Function
My Server Side
Partial Class regal_appsync_Default
Inherits System.Web.UI.Page
Public NotInheritable Class Simple3Des
Private xTripleDES As New TripleDESCryptoServiceProvider
Sub New(ByVal key As String)
' Initialize the crypto provider.
xTripleDES.Key = TruncateHash(key, xTripleDES.KeySize \ 8)
xTripleDES.IV = TruncateHash("", xTripleDES.BlockSize \ 8)
End Sub
Private Function TruncateHash(ByVal key As String, ByVal length As Integer) As Byte()
Dim sha1 As New SHA1CryptoServiceProvider
' Hash the key.
Dim keyBytes() As Byte = System.Text.Encoding.UTF8.GetBytes(key)
Dim hash() As Byte = sha1.ComputeHash(keyBytes)
' Truncate or pad the hash.
ReDim Preserve hash(length - 1)
Return hash
End Function
Public Function EncryptData(ByVal plaintext As String) As String
' Convert the plaintext string to a byte array.
Dim plaintextBytes() As Byte = System.Text.Encoding.UTF8.GetBytes(plaintext)
' Create the stream.
Dim ms As New System.IO.MemoryStream
' Create the encoder to write to the stream.
Dim encStream As New CryptoStream(ms,
xTripleDES.CreateEncryptor(),
System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
encStream.FlushFinalBlock()
' Convert the encrypted stream to a printable string.
Return Convert.ToBase64String(ms.ToArray)
End Function
Public Function DecryptData(ByVal encryptedtext As String) As String
' Convert the encrypted text string to a byte array.
Dim encryptedBytes() As Byte = Convert.FromBase64String(encryptedtext)
' Create the stream.
Dim ms As New System.IO.MemoryStream
' Create the decoder to write to the stream.
Dim decStream As New CryptoStream(ms, xTripleDES.CreateDecryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
decStream.Write(encryptedBytes, 0, encryptedBytes.Length)
decStream.FlushFinalBlock()
' Convert the plaintext stream to a string.
Return System.Text.Encoding.UTF8.GetString(ms.ToArray)
End Function
End Class
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Lbl1.Text = myEncoding(Txt1.Text)
End Sub
Protected Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
Lbl1.Text = myDecoding(Lbl1.Text)
End Sub
Function myEncoding(ByVal plainText As String) As String
Dim wrapper As New Simple3Des("012345678901234567891234")
Dim cipherText As String = wrapper.EncryptData(plainText)
Return cipherText
End Function
Function myDecoding(ByVal cipherText As String) As String
' DecryptData throws if the wrong password is used.
Dim wrapper As New Simple3Des("012345678901234567891234")
Try
Dim plainText As String = wrapper.DecryptData(cipherText)
Return plainText
Catch ex As System.Security.Cryptography.CryptographicException
Return "problem"
End Try
End Function
End Class
looking forward to any helpful tips!
best wishes
hendrik
I'm reading a book entitled beginning asp.net security from wrox and I'm in this part where it shows a code snippet for using rijndael the problem this example is not included in the downloadable source codes. I decided to seek (professional)help here in the forums.
It would be awesome if you try and test it as well and hopefully give an example(codes) on how I could implement it.
Here is the code:
public class EncryptionRijndael
{
public EncryptionRijndael()
{
//
// TODO: Add constructor logic here
//
}
public static byte[] GenerateRandomBytes(int length)
{
byte[] key = new byte[length];
RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
provider.GetBytes(key);
return key;
}
public void GetKeyAndIVFromPasswordAndSalt(string password, byte[] salt,SymmetricAlgorithm symmetricAlgorithm,ref byte[] key, ref byte[] iv)
{
Rfc2898DeriveBytes rfc2898DeriveBytes =
new Rfc2898DeriveBytes(password, salt);
key =
rfc2898DeriveBytes.GetBytes(symmetricAlgorithm.KeySize / 8);
iv =
rfc2898DeriveBytes.GetBytes(symmetricAlgorithm.BlockSize / 8);
}
public static byte[] Encrypt(byte[] clearText, byte[] key, byte[] iv)
{
// Create an instance of our encyrption algorithm.
RijndaelManaged rijndael = new RijndaelManaged();
// Create an encryptor using our key and IV
ICryptoTransform transform = rijndael.CreateEncryptor(key, iv);
// Create the streams for input and output
MemoryStream outputStream = new MemoryStream();
CryptoStream inputStream = new CryptoStream(
outputStream,
transform,
CryptoStreamMode.Write);
// Feed our data into the crypto stream.
inputStream.Write(clearText, 0, clearText.Length);
// Flush the crypto stream.
inputStream.FlushFinalBlock();
// And finally return our encrypted data.
return outputStream.ToArray();
}
static byte[] Decrypt(byte[] cipherText, byte[] key, byte[] iv)
{
// Create an instance of our encyrption algorithm.
RijndaelManaged rijndael = new RijndaelManaged();
// Create an decryptor using our key and IV ;
ICryptoTransform transform = rijndael.CreateDecryptor(key, iv);
// Create the streams for input and output
MemoryStream outputStream = new MemoryStream();
CryptoStream inputStream = new CryptoStream(outputStream,transform,CryptoStreamMode.Write);
// Feed our data into the crypto stream.
inputStream.Write(cipherText, 0, cipher.Length);
// Flush the crypto stream.
inputStream.FlushFinalBlock();
// And finally return our decrypted data.
return outputStream.ToArray();
}
}
Sir/Ma'am your answers would be of great help. Thank you++
(it would be awesome if you could show me how to call encrypt and decrypt properly)
I have found that it is best to create a class to wrap your credentials and a separate one to do the encryption. Here is what I created... sorry it's in vb instead of c#:
Public Class SymmetricEncryptionCredentials
Private _keyIterations As Integer
Public ReadOnly Property ivString As String
Get
Return Convert.ToBase64String(Me.iv)
End Get
End Property
Public ReadOnly Property saltString() As String
Get
Return Convert.ToBase64String(Me.salt)
End Get
End Property
Public ReadOnly Property keyIterations As Integer
Get
Return _keyIterations
End Get
End Property
Private Property keyPassword() As String
Private Property salt() As Byte()
Private ReadOnly Property key() As Security.Cryptography.Rfc2898DeriveBytes
Get
Return New Security.Cryptography.Rfc2898DeriveBytes(keyPassword, salt, keyIterations)
End Get
End Property
Private Property iv() As Byte()
''' <summary>
''' Creates a set of encryption credentials based on the
''' provided key, ivPassword, and salt string.
''' </summary>
''' <param name="keyPassword">The Secret key used for encryption</param>
''' <param name="salt">The salt string (not secret) from which the salt
''' bytes are derived.</param>
''' <remarks></remarks>
Public Sub New(ByVal keyPassword As String, ByVal salt As String, ByVal iv As String, ByVal keyIterations As Integer)
Me.keyPassword = keyPassword
Me.iv = Convert.FromBase64String(iv)
Me.salt = Convert.FromBase64String(salt)
_keyIterations = keyIterations
End Sub
''' <summary>
''' Creates a new set of encryption credentials based on the
''' provided key, while making a ivPassword and salt.
''' </summary>
''' <param name="keyPassword">The Secret key used for encryption</param>
''' <remarks>Creates a new set of encryption credentials based on the
''' provided key password, while making a ivPassword and salt.</remarks>
Public Sub New(ByVal keyPassword As String, ByVal keyIterations As Integer)
Me.keyPassword = keyPassword
Me.iv = Passwords.GetRandomPassword(16, 16)
Me.salt = Passwords.GetRandomPassword()
_keyIterations = keyIterations
End Sub
''' <summary>
''' Creates a new set of encryption credentials based on the
''' provided key, while making a ivPassword and salt. Uses
''' default PBKDF iteration count.
''' </summary>
''' <param name="keyPassword">The Secret key used for encryption</param>
''' <remarks>Creates a new set of encryption credentials based on the
''' provided key password, while making a ivPassword and salt.</remarks>
Public Sub New(ByVal keyPassword As String)
Me.New(keyPassword, AppSettings("defaultKeyPBKDFIterations"))
End Sub
''' <summary>
''' Gets an AES Encryptor with key derived from RFC2898.
''' </summary>
''' <returns></returns>
''' <remarks></remarks>
Public Function GetAESEncryptor() As Security.Cryptography.ICryptoTransform
Dim aes As New Security.Cryptography.AesManaged
aes.KeySize = 256
aes.Key = Me.key.GetBytes(aes.KeySize / 8)
aes.IV = Me.iv
Return aes.CreateEncryptor()
End Function
Public Function GetAESDecryptor() As Security.Cryptography.ICryptoTransform
Dim aes As New Security.Cryptography.AesManaged
aes.KeySize = 256
aes.Key = Me.key.GetBytes(aes.KeySize / 8)
aes.IV = Me.iv
Return aes.CreateDecryptor
End Function
End Class
Public Class SymmetricEncryption
Public Shared Function Encrypt(ByVal unencryptedValue As String, creds As SymmetricEncryptionCredentials) As String
Dim inBytes() As Byte = System.Text.Encoding.UTF8.GetBytes(unencryptedValue)
Dim outBytes() As Byte
Using outStream As New IO.MemoryStream()
Using encryptStream As New System.Security.Cryptography.CryptoStream(outStream, creds.GetAESEncryptor, Security.Cryptography.CryptoStreamMode.Write)
encryptStream.Write(inBytes, 0, inBytes.Length)
encryptStream.FlushFinalBlock()
outBytes = outStream.ToArray
encryptStream.Close()
End Using
outStream.Close()
End Using
Dim outString As String = Convert.ToBase64String(outBytes)
Return outString
End Function
Public Shared Function Decrypt(ByVal encryptedValue As String, creds As SymmetricEncryptionCredentials) As String
Dim inBytes() As Byte = Convert.FromBase64String(encryptedValue)
Dim outString As String
Using outStream As New IO.MemoryStream
Using decryptionStream As New System.Security.Cryptography.CryptoStream(outStream, creds.GetAESDecryptor, Security.Cryptography.CryptoStreamMode.Write)
decryptionStream.Write(inBytes, 0, inBytes.Length)
decryptionStream.FlushFinalBlock()
Dim outBytes() As Byte = outStream.ToArray
outString = System.Text.Encoding.UTF8.GetString(outBytes)
decryptionStream.Close()
End Using
outStream.Close()
End Using
Return outString
End Function
End Class
Public Class Passwords
Public Shared Function GetRandomPassword(minLength As Integer, maxlength As Integer) As Byte()
' *** 1. Get how long the password will be
Dim rand As New Random
Dim passLength As Integer = rand.Next(minLength, maxlength)
' *** 2. Create an array of Bytes to hold the
' random numbers used to make the string's chars
Dim passBytes(passLength - 1) As Byte
' *** 3. Fill the array with random bytes.
Dim rng As New Security.Cryptography.RNGCryptoServiceProvider
rng.GetBytes(passBytes)
Return passBytes
End Function
Public Shared Function GetRandomPassword() As Byte()
Return GetRandomPassword(12, 32)
End Function
End Class
I am trying to create a new user and set their password in AD LDS using asp.net vb. I'm binding to an instance of a directory entry, which is working fine. And I can add a user without a problem. The problem is that I can't seem to set the password when I add the user. Is this the right way to set the password?
Dim objADAM As DirectoryEntry = BindToInstance()
Dim objUser As DirectoryEntry = objADAM.Children.Add("CN=Jimmy", "User")
objUser.Properties("sn").Value = "lloyd"
objUser.Properties("givenName").Value = "Jimmy Smith"
objUser.Properties("userpassword").Value = "THEPASSWORD"
objUser.CommitChanges()
This is the error that I get :
System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred. (Exception from HRESULT: 0x80072020) at System.DirectoryServices.DirectoryEntry.CommitChanges()
I've also tried this :
Dim objADAM As DirectoryEntry = BindToInstance()
Dim objUser As DirectoryEntry = objADAM.Children.Add("CN=Jimmy", "User")
objUser.Properties("sn").Value = "lloyd"
objUser.Properties("givenName").Value = "Jimmy Smith"
objUser.CommitChanges()
objUser.Invoke("SetPassword", New Object() {"123456789A$#"})
objUser.CommitChanges()
Which gave me this error :
System.Reflection.TargetInvocationException:
Exception has been thrown by the
target of an invocation. --->
System.Runtime.InteropServices.COMException
(0x8000500D): The directory property
cannot be found in the cache. --- End
of inner exception stack trace --- at
System.DirectoryServices.DirectoryEntry.Invoke(String
methodName, Object[] args)
My coworker found a solution. You call CreateUserSetPassword to create the user and setup the password in one function call.
FYI, if the set password fails, the user will already be set up, so you'll need to either delete the user or just call the SetPassword function again.
Class variables
Private Uri As String
' { get; set; }
Private OuUri As String
' { get; set;}
Private UserUri As String
' { get; set; }
'You will want to set these two parameters somewhere in .config and pass to
'or otherwise make available to this process
Private userid As String = "danny123"
Private pwd As String = "pa$$word1"
New function
Public Sub New(ByVal uri__1 As String, ByVal ou As String)
Uri = uri__1
OuUri = "LDAP://" & uri__1 & "/" & ou
UserUri = "LDAP://" & uri__1 & "/CN={0}," & ou
End Sub
CreateUserSetPassword
''' <summary>
''' Creates new user and sets password
''' </summary>
''' <param name="userName"></param>
''' <param name="password"></param>
Public Function CreateUserSetPassword(ByVal userName As String, ByVal password As String) As String
Dim oGUID As String = String.Empty
oGUID = CreateUserAccount(userName, password)
If oGUID = String.Empty Then
oGUID = SetPassword(userName, password)
If oGUID = String.Empty Then
oGUID = EnableUser(userName)
End If
End If
Return oGUID
End Function
CreateUserAccount
''' <summary>
''' Create user in the AD-LDS
''' </summary>
''' <param name="userName"></param>
''' <param name="userPassword"></param>
''' <returns></returns>
Public Function CreateUserAccount(ByVal userName As String, ByVal userPassword As String) As String
Dim oGUID As String = String.Empty
Try
Dim connectionPrefix As String = OuUri
Using dirEntry As New DirectoryEntry(connectionPrefix, userid, pwd)
Dim newUser As DirectoryEntry = dirEntry.Children.Add("CN=" & userName, "user")
newUser.Properties("userPrincipalName").Value = userName
newUser.CommitChanges()
newUser.Close()
End Using
'catch (System.DirectoryServices.DirectoryServicesCOMException E)
Catch E As Exception
oGUID = E.Message
End Try
Return oGUID
End Function
SetPassword
''' <summary>
''' Set password for the user in AD-LDS
''' </summary>
''' <param name="user"></param>
''' <param name="password"></param>
Public Function SetPassword(ByVal user As String, ByVal password As String) As String
Dim oGUID As String = String.Empty
Const adsOptionPasswordPortnumber As Long = 6
Const adsOptionPasswordMethod As Long = 7
Const adsPasswordEncodeClear As Integer = 1
Const intPort As Integer = 50000
Dim objUser As DirectoryEntry
' User object.
' Set authentication flags.
Dim AuthTypes As AuthenticationTypes = AuthenticationTypes.Signing Or AuthenticationTypes.Sealing Or AuthenticationTypes.Secure
' Bind to user object using LDAP port.
Try
objUser = New DirectoryEntry(String.Format(UserUri, user), userid, pwd, AuthTypes)
'Get object using GetDirectoryEntry
'objUser = GetDirectoryEntry(user);
objUser.RefreshCache()
objUser.Invoke("SetOption", New Object() {adsOptionPasswordPortnumber, intPort})
objUser.Invoke("SetOption", New Object() {adsOptionPasswordMethod, adsPasswordEncodeClear})
objUser.Invoke("SetPassword", New Object() {password})
objUser.CommitChanges()
Catch e As Exception
oGUID = e.Message & vbLf & vbCr & Convert.ToString(e.InnerException)
End Try
Return oGUID
End Function
What is the best method to obfuscate the urls created in Dynamic Data?
eg \Products\List.aspx?ProductId=2 could become
\Products\List.aspx?x=UHJvZHVjdElkPTI=
where "ProductId=2" is base 64 encoded to prevent casual snooping on
\Products\List.aspx?ProductId=3
\Products\List.aspx?ProductId=4
etc...?
I will probably have to inherit from an existing object and override some function
The question is which object and what function
GetActionPath of the Metamodel object seems interesting,
but how does the DynamicRoute "{table}/{Action}.aspx" play in into it...
Right now on Asp.net 1.1 site I use an custom implementation of the following code.
http://www.mvps.org/emorcillo/en/code/aspnet/qse.shtml It is HTTPModule that uses regular expression to rewrite all the querystrings and also with reflection changes the Querystring collection with decoded values.
So where is the hook to affect the change.
I have found the solution
With advice, I have implemented a Route that inherits from DynamicDataRoute.
The methods overridden were GetVirtualPath and GetRouteData.
Here is the global.asax page
routes.Add(New EncodedDynamicDataRoute("{table}/{action}.aspx") With { _
.Defaults = New RouteValueDictionary(New With {.Action = PageAction.List}), _
.Constraints = New RouteValueDictionary(New With {.Action "List|Details|Edit|Insert"}), _
.Model = model})
Here is the Encoded DynamicDataRoute.
Imports System.Web.DynamicData
Imports System.Web.Routing
''' <summary>
''' The purpose of this class to base 64 encode the querystring parameters.
''' It converts the keys to base64 encoded and back.
''' </summary>
Public Class EncodedDynamicDataRoute
Inherits DynamicDataRoute
Public Sub New(ByVal url As String)
MyBase.New(url)
End Sub
Public Overloads Overrides Function GetRouteData(ByVal httpContext As HttpContextBase) As RouteData
Dim routeData As RouteData = MyBase.GetRouteData(httpContext)
If Not (routeData Is Nothing) Then
DecodeRouteValues(routeData.Values)
End If
Return routeData
End Function
Private Sub EncodeRouteValues(ByVal routeValues As RouteValueDictionary)
Dim tableName As Object
If Not routeValues.TryGetValue("table", tableName) Then
Return
End If
Dim table As MetaTable
If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
Return
End If
Dim strOutput As New StringBuilder
Dim val As Object
For Each column As MetaColumn In table.PrimaryKeyColumns
If routeValues.TryGetValue(column.Name, val) Then
strOutput.Append(column.Name & Chr(254) & val & Chr(255))
routeValues.Remove(column.Name)
End If
Next
Dim out As String = (Convert.ToBase64String(Encoding.ASCII.GetBytes(strOutput.ToString)))
If routeValues.ContainsKey("x") Then
routeValues.Item("x") = out
Else
routeValues.Add("x", out)
End If
End Sub
Public Overloads Overrides Function GetVirtualPath(ByVal requestContext As RequestContext, ByVal values As RouteValueDictionary) As VirtualPathData
EncodeRouteValues(values)
Return MyBase.GetVirtualPath(requestContext, values)
End Function
Private Sub DecodeRouteValues(ByVal routeValues As RouteValueDictionary)
Dim tableName As Object
If Not routeValues.TryGetValue("table", tableName) Then
Return
End If
Dim table As MetaTable
If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
Return
End If
Dim enc As New System.Text.ASCIIEncoding()
Dim val As Object
If routeValues.TryGetValue("x", val) AndAlso val <> "AAA" Then
Dim strString As String = enc.GetString(Convert.FromBase64String((val)))
Dim nameValuePairs As String() = strString.Split(Chr(255))
Dim col As MetaColumn
For Each str11 In nameValuePairs
Dim vals() As String = str11.Split(Chr(254))
If table.TryGetColumn(vals(0), col) Then
routeValues.Add(val(0), col)
End If
Next
End If
End Sub
End Class
Here is how I did it:
I created 4 functions in a module:
public static string EncryptInt(int val)
public static int DecryptInt(string val)
public static string DecryptStr(string str)
public static string EncryptStr(string source)
When I wanted to create a url I did something like this:
string.Format(#"\path\file.aspx?ID={0}&name={1}",encrypt.EncryptInt(inID),encrypt.EncriptStr(inName));
When I wanted to get the results I would call the Decrypt function on retrieved param.
I used two types because it added a level of type safety to the system, but you could just use one with strings and then call int.Parse() as needed.
Does this answer your question?
For Microsoft's Dynamic Data I believe the hooks would be found in the code behind for the template pages.