Home/ Questions/Q 796289
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T22:37:03+00:00

Hii, I have a query string like http://project/page1.aspx?userID=5 . The operation won’t be performed,

  • 0

Hii,

I have a query string like “http://project/page1.aspx?userID=5“. The operation won’t be performed, if the ‘userID’ parameter changed manually. How it is possible?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Hii all, thank you for your assistance… and i got some difference sort of solution from some other sites. i don’t know that the best solution. that is to encode the value using an encryption and decryption algorithm… The sample code has been written like this…

    <a href='Page1.aspx?UserID=<%= HttpUtility.UrlEncode(TamperProofStringEncode("5","F44fggjj")) %>'>
        Click Here</a> <!--Created one anchor tag and call the function for TamperProofStringEncode-->

    
    
 private string TamperProofStringEncode(string value, string key)
 {
            System.Security.Cryptography.MACTripleDES mac3des = new    System.Security.Cryptography.MACTripleDES();
            System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
            mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));
            return Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(value)) + "-" + Convert.ToBase64String(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(value)));
        }

    In the page load of ‘Page1’ call the decode algorithm to decode the query string

    try
        {
            string DataString = TamperProofStringDecode(Request.QueryString["UserID"], "F44fggjj");
            Response.Write(DataString);
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }

    private string TamperProofStringDecode(string value, string key)
    {
        string dataValue = "";
        string calcHash = "";
        string storedHash = "";

        System.Security.Cryptography.MACTripleDES mac3des = new System.Security.Cryptography.MACTripleDES();
        System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
        mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));

        try
        {
            dataValue = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(value.Split('-')[0]));
            storedHash = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(value.Split('-')[1]));
            calcHash = System.Text.Encoding.UTF8.GetString(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(dataValue)));

            if (storedHash != calcHash)
            {
                //'Data was corrupted
                throw new ArgumentException("Hash value does not match");
                //  'This error is immediately caught below

            }
        }
        catch (Exception ex)
        {
            throw new ArgumentException("Invalid TamperProofString");
        }

        return dataValue;

    }
    • 0