This is my second post on almost the same topic: things ASP.NET lacks. This time
it is cookies. ASP.NET still has no built-in way to create an encrypted
cookie. Here is another handy class that generates encrypted cookies.
Usage:
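// Writing a cookie
// With an explicit expiry the cookie is persistent and is kept by the browser until that time.
SecureCookie.Set(Response, "Key1", "Value1", DateTime.Now.AddDays(1));
// Overload without an expiry: Expires is left unset, so the browser treats it as a session cookie.
SecureCookie.Set(Response, "Key1", "Value1");

// Reading a cookie
// Get returns null when the cookie is missing or empty, so check for null before using the value.
string key1Value = SecureCookie.Get(Request, "Key1");

// SecureCookie: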
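using System;
using System.IO;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Diagnostics;
using System.Security.Cryptography;

/// <summary>
/// Writes and reads cookies whose name and value are encrypted on the server.
/// </summary>
/// <remarks>
/// Value format: Base64( IV || ciphertext || HMAC-SHA256 ), then URL-encoded.
/// The value is encrypted with Rijndael (128-bit block, i.e. AES) in CBC mode
/// under a fresh random IV, and authenticated with an HMAC that also covers the
/// cookie name, so a value cannot be altered or moved to another cookie without
/// being rejected. Cookies written by the earlier unauthenticated, zero-IV
/// format fail verification and are reported as absent (Get returns null).
///
/// On .NET 4.5 and later, System.Web.Security.MachineKey.Protect/Unprotect
/// provides the same service with keys managed by the framework and is the
/// preferred choice when it is available.
/// </remarks>
public sealed class SecureCookie
{
    // SECURITY: this 256-bit master key is hard-coded and has been published with
    // the listing. Anyone who knows it can decrypt and forge cookies. Replace it
    // with a key generated for the deployment and load it from protected
    // configuration (e.g. an encrypted web.config section) instead of source code.
    private static readonly byte[] Key = new byte[] {45, 236, 171, 7, 85, 6, 41, 34, 216, 14, 78, 156, 78, 3, 103, 154, 9, 150, 65, 54, 226, 95, 68, 79, 159, 36, 246, 57, 177, 107, 116, 8};

    // Separate keys for encryption and authentication, derived from the master key,
    // so the same key material is never used for two different purposes.
    // These initializers must stay below Key: static fields initialize in textual order.
    private static readonly byte[] EncryptionKey = DeriveKey("SecureCookie.Encrypt");
    private static readonly byte[] MacKey = DeriveKey("SecureCookie.Mac");

    private const int IvSize = 16;   // Rijndael/AES block size in bytes
    private const int MacSize = 32;  // HMAC-SHA256 output size in bytes

    /// <summary>Writes an encrypted, authenticated cookie to the response.</summary>
    /// <param name="response">Response that receives the cookie.</param>
    /// <param name="key">Plain cookie name; it is encrypted before being sent.</param>
    /// <param name="value">Plain cookie value; null or empty produces a cookie with no value.</param>
    /// <param name="expire">
    /// Expiry time. DateTime.MinValue and DateTime.MaxValue leave Expires unset,
    /// which makes the cookie a session cookie.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="response"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="key"/> is null or empty.</exception>
    [DebuggerStepThrough()]
    public static void Set(HttpResponse response, string key, string value, DateTime expire)
    {
        if (response == null)
        {
            throw new ArgumentNullException("response");
        }

        if (string.IsNullOrEmpty(key))
        {
            throw new ArgumentException("Cookie name must not be null or empty.", "key");
        }

        HttpCookie cookie = new HttpCookie(EncodeName(key), HttpUtility.UrlEncode(Protect(key, value)));

        // The value is opaque to client script, so keep it out of reach of script.
        // The Secure flag is not forced here because the site may be served over
        // plain HTTP; on HTTPS sites enable it, e.g. with
        // <httpCookies requireSSL="true" /> in web.config.
        cookie.HttpOnly = true;

        if ((expire != DateTime.MinValue) && (expire != DateTime.MaxValue))
        {
            cookie.Expires = expire;
        }

        response.Cookies.Set(cookie);
    }

    /// <summary>Writes an encrypted session cookie (no Expires attribute).</summary>
    [DebuggerStepThrough()]
    public static void Set(HttpResponse response, string key, string value)
    {
        Set(response, key, value, DateTime.MaxValue);
    }

    /// <summary>Reads and verifies a cookie written by <see cref="Set(HttpResponse, string, string, DateTime)"/>.</summary>
    /// <param name="request">Request to read the cookie from.</param>
    /// <param name="key">Plain cookie name.</param>
    /// <returns>
    /// The decrypted value, or null when the cookie is missing, empty, malformed,
    /// or fails authentication. Cookie content is client-controlled, so every
    /// failure is reported the same way instead of surfacing an exception.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
    [DebuggerStepThrough()]
    public static string Get(HttpRequest request, string key)
    {
        if (request == null)
        {
            throw new ArgumentNullException("request");
        }

        if (string.IsNullOrEmpty(key))
        {
            return null;
        }

        HttpCookie cookie = request.Cookies[EncodeName(key)];

        if ((cookie == null) || string.IsNullOrEmpty(cookie.Value))
        {
            return null;
        }

        return Unprotect(key, HttpUtility.UrlDecode(cookie.Value));
    }

    // Maps a plain cookie name to the name sent to the browser. The mapping has to
    // be deterministic so Get can find the cookie again, hence the fixed all-zero
    // IV. The result is only ever computed on the server and compared by lookup; it
    // is never decrypted from request data. Do not reuse this for secret values.
    [DebuggerStepThrough()]
    private static string EncodeName(string key)
    {
        using (SymmetricAlgorithm crypto = CreateCrypto(Key, new byte[IvSize]))
        using (ICryptoTransform encryptor = crypto.CreateEncryptor())
        {
            // UTF-8 gives the same bytes as ASCII for ASCII names and keeps
            // non-ASCII names distinct instead of collapsing them to '?'.
            byte[] cipher = Read(encryptor, Encoding.UTF8.GetBytes(key));
            return HttpUtility.UrlEncode(Convert.ToBase64String(cipher));
        }
    }

    // Encrypts a value under a random IV and appends an HMAC over name, IV and ciphertext.
    [DebuggerStepThrough()]
    private static string Protect(string name, string plain)
    {
        if (string.IsNullOrEmpty(plain))
        {
            return null;
        }

        byte[] iv;
        byte[] cipher;

        using (SymmetricAlgorithm crypto = CreateCrypto(EncryptionKey, null))
        {
            iv = crypto.IV;

            using (ICryptoTransform encryptor = crypto.CreateEncryptor())
            {
                cipher = Read(encryptor, Encoding.UTF8.GetBytes(plain));
            }
        }

        byte[] mac = ComputeMac(name, iv, cipher);

        byte[] token = new byte[iv.Length + cipher.Length + mac.Length];
        Buffer.BlockCopy(iv, 0, token, 0, iv.Length);
        Buffer.BlockCopy(cipher, 0, token, iv.Length, cipher.Length);
        Buffer.BlockCopy(mac, 0, token, iv.Length + cipher.Length, mac.Length);

        return Convert.ToBase64String(token);
    }

    // Verifies the HMAC first and decrypts only authentic data, so tampered input
    // never reaches the padding check. Returns null for anything that is not valid.
    [DebuggerStepThrough()]
    private static string Unprotect(string name, string token)
    {
        if (string.IsNullOrEmpty(token))
        {
            return null;
        }

        byte[] raw;

        try
        {
            raw = Convert.FromBase64String(token);
        }
        catch (FormatException)
        {
            return null;
        }

        int cipherLength = raw.Length - IvSize - MacSize;

        if ((cipherLength < IvSize) || (cipherLength % IvSize != 0))
        {
            return null;
        }

        byte[] iv = new byte[IvSize];
        byte[] cipher = new byte[cipherLength];
        byte[] mac = new byte[MacSize];
        Buffer.BlockCopy(raw, 0, iv, 0, IvSize);
        Buffer.BlockCopy(raw, IvSize, cipher, 0, cipherLength);
        Buffer.BlockCopy(raw, IvSize + cipherLength, mac, 0, MacSize);

        if (!FixedTimeEquals(mac, ComputeMac(name, iv, cipher)))
        {
            return null;
        }

        try
        {
            using (SymmetricAlgorithm crypto = CreateCrypto(EncryptionKey, iv))
            using (ICryptoTransform decryptor = crypto.CreateDecryptor())
            {
                return Encoding.UTF8.GetString(Read(decryptor, cipher));
            }
        }
        catch (CryptographicException)
        {
            return null;
        }
    }

    // HMAC-SHA256 over: 4-byte name length, name, IV, ciphertext. The length prefix
    // keeps the boundary between name and payload unambiguous.
    [DebuggerStepThrough()]
    private static byte[] ComputeMac(string name, byte[] iv, byte[] cipher)
    {
        byte[] nameBytes = Encoding.UTF8.GetBytes(name);
        byte[] nameLength = BitConverter.GetBytes(nameBytes.Length);

        using (MemoryStream ms = new MemoryStream())
        using (HMACSHA256 hmac = new HMACSHA256(MacKey))
        {
            ms.Write(nameLength, 0, nameLength.Length);
            ms.Write(nameBytes, 0, nameBytes.Length);
            ms.Write(iv, 0, iv.Length);
            ms.Write(cipher, 0, cipher.Length);
            return hmac.ComputeHash(ms.ToArray());
        }
    }

    // Derives a purpose-specific 256-bit key from the master key.
    [DebuggerStepThrough()]
    private static byte[] DeriveKey(string purpose)
    {
        using (HMACSHA256 hmac = new HMACSHA256(Key))
        {
            return hmac.ComputeHash(Encoding.ASCII.GetBytes(purpose));
        }
    }

    // Compares two byte arrays without stopping at the first difference, so the
    // time taken does not reveal how many leading MAC bytes were correct.
    [DebuggerStepThrough()]
    private static bool FixedTimeEquals(byte[] left, byte[] right)
    {
        if (left.Length != right.Length)
        {
            return false;
        }

        int difference = 0;

        for (int i = 0; i < left.Length; i++)
        {
            difference |= left[i] ^ right[i];
        }

        return difference == 0;
    }

    // Creates a Rijndael instance with the settings spelled out rather than
    // inherited from defaults. A null iv asks for a fresh random IV.
    [DebuggerStepThrough()]
    private static SymmetricAlgorithm CreateCrypto(byte[] key, byte[] iv)
    {
        SymmetricAlgorithm crypto = new RijndaelManaged();
        crypto.BlockSize = IvSize * 8;
        crypto.Mode = CipherMode.CBC;
        crypto.Padding = PaddingMode.PKCS7;
        crypto.Key = key;

        if (iv == null)
        {
            crypto.GenerateIV();
        }
        else
        {
            crypto.IV = iv;
        }

        return crypto;
    }

    // Runs data through the transform and returns everything it produced.
    [DebuggerStepThrough()]
    private static byte[] Read(ICryptoTransform transformer, byte[] data)
    {
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, transformer, CryptoStreamMode.Write))
            {
                cs.Write(data, 0, data.Length);
                cs.FlushFinalBlock();
                return ms.ToArray();
            }
        }
    }
}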