Post
Ask Question

Part 2: SharePoint : Think before You Pass Your Parameters in Query String Format

We have discussed about the problem and how to deal with it in Part 1: SharePoint : Think before You Pass Your Parameters in Query String Format).

Here I will brief you about how to handle it on destination Side. As we saw we have done an encryption using a key ; now we need to use the same key to decrypt the information from Encrypted text.For this firstly we need to fetch the information from Query String and then decode this using UrlDecode of HttpUtility class.

Please find below is the helper method to encrypt parameters:
  1. using System.Security.Cryptography;      
  2.     
  3. private string Decrypt(string cipherText)    
  4. {    
  5.     string EncryptionKey = "MAKV2SPBNI99212";    
  6.     cipherText = cipherText.Replace(" ""+");    
  7.     byte[] cipherBytes = Convert.FromBase64String(cipherText);    
  8.     using (Aes encryptor = Aes.Create())    
  9.     {    
  10.         Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });    
  11.         encryptor.Key = pdb.GetBytes(32);    
  12.         encryptor.IV = pdb.GetBytes(16);    
  13.         using (MemoryStream ms = new MemoryStream())    
  14.         {    
  15.             using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))    
  16.             {    
  17.                 cs.Write(cipherBytes, 0, cipherBytes.Length);    
  18.                 cs.Close();    
  19.             }    
  20.             cipherText = Encoding.Unicode.GetString(ms.ToArray());    
  21.         }    
  22.     }    
  23.     return cipherText;    
  24. }    
Here is how we need to call this method:
  1. string Location = "SharepointUserLocation";        
  2. string LoggedInUser = "SharepointUser";        
  3.        
  4. string EncryptedLocation = Encrypt(HttpUtility.UrlEncode(Location .Trim()));        
  5. string EncryptedLoggedInUser = Encrypt(HttpUtility.UrlEncode(LoggedInUser.Trim()));        
  6.                     
  7. string Encrypted =  string.Format("~/page.aspx?Location={0}&LoggedInUser={1}", EncryptedLocation , EncryptedLoggedInUser);     
  8.     
  9.  string decryptedLocation = Decrypt(HttpUtility.UrlDecode(EncryptedLocation));    
  10.             string decryptedLoggedInUser =  Decrypt(HttpUtility.UrlDecode(EncryptedLoggedInUser));    
  11.     
  12.             string decrypted = string.Format("~/page.aspx?Location={0}&LoggedInUser={1}", decryptedLocation, decryptedLoggedInUser);    
Happy SharePointing !!!