我创建了一个页面,用于加密两个字段并将其发送到另一个解密的页面。
问题是,如果我将提交按钮发送给用户的smtp电子邮件(而不是page2.aspx本身)并且他们在任何其他浏览器中打开页面而不是加密的那个,它就不再有效了
例如:在page1.aspx上有一个ID字段,一个电子邮件字段和一个提交按钮。提交时,它会加密ID字段并将其作为链接发送(page2.aspx?query = ENCRYPTED DATA),我可以在其中查看数据。 (如果我留在特定的浏览器中,这是有效的)
问题是当我在另一个浏览器中打开链接时,我收到了错误的数据错误。 (在Firefox中加密然后在谷歌浏览器中打开链接)它会抛出错误数据服务器错误。
有关如何解决此问题的任何想法?我希望能够从电子邮件中打开链接,但允许使用加密链接进行跨浏览器活动。任何解决方案都会很棒。感谢。
这是加密:
public string Encrypt(string message)
{
UTF8Encoding textConverter = new UTF8Encoding();
RC2CryptoServiceProvider rc2CSP = new RC2CryptoServiceProvider();
byte[] toEncrypt = textConverter.GetBytes(message);
ICryptoTransform encryptor = rc2CSP.CreateEncryptor(ScrambleKey, ScrambleIV);
MemoryStream msEncrypt = new MemoryStream();
CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
byte[] length = new byte[4];
length[0] = (byte)(message.Length & 0xFF);
length[1] = (byte)((message.Length >> 8) & 0xFF);
length[2] = (byte)((message.Length >> 16) & 0xFF);
length[3] = (byte)((message.Length >> 24) & 0xFF);
csEncrypt.Write(length, 0, 4);
csEncrypt.Write(toEncrypt, 0, toEncrypt.Length);
csEncrypt.FlushFinalBlock();
byte[] encrypted = msEncrypt.ToArray();
string b64 = Convert.ToBase64String(encrypted);
string b64mod = b64.Replace('+', '@');
return HttpUtility.UrlEncode(b64mod);
}
这是电子邮件:
private void AutomatedEmail()
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString4"].ConnectionString);
DataTable dt = new DataTable();
con.Open();
SqlDataReader rd = null;
SqlCommand com = new SqlCommand("SELECT ID WHERE ID = @ID", con);
com.Parameters.AddWithValue("@ID", lblid.InnerText);
rd = com.ExecuteReader();
while (rd.Read())
{
string Query = "http://page2.aspx?query=" + Encrypt("ID=" + (rd["ID"].ToString()));
MailMessage message = new MailMessage();
message.To.Add(rd["OwnerEmail"].ToString());
message.From = new MailAddress("xxxxxxxxxxxxx");
message.Subject = "Test Email";
message.Body = "Test: " + Query;
SmtpClient smtp = new SmtpClient("xxxx");
smtp.Port = xxxx;
smtp.EnableSsl = false;
NetworkCredential netcre = new NetworkCredential("xxxx", "xxxx");
smtp.Credentials = netcre;
smtp.Send(message);
}
con.Close();
}
***** EDIT *****
加密/解密密钥:
public byte[] ScrambleKey
{
set
{
byte[] key = value;
if (null == key)
{
key = ScrambleKey;
}
Session["ScrambleKey"] = key;
}
get
{
byte[] key = (byte[])Session["ScrambleKey"];
if (null == key)
{
RC2CryptoServiceProvider rc2 = new RC2CryptoServiceProvider();
rc2.GenerateKey();
key = rc2.Key;
Session["ScrambleKey"] = key;
}
return key;
}
}
public byte[] ScrambleIV
{
set
{
byte[] key = value;
if (null == key)
{
key = ScrambleIV;
}
Session["ScrambleIV"] = key;
}
get
{
byte[] key = (byte[])Session["ScrambleIV"];
if (null == key)
{
RC2CryptoServiceProvider rc2 = new RC2CryptoServiceProvider();
rc2.GenerateIV();
key = rc2.IV;
Session["ScrambleIV"] = key;
}
return key;
}
}
接收页面:解密:
public string Decrypt(string scrambledMessage)
{
UTF8Encoding textConverter = new UTF8Encoding();
RC2CryptoServiceProvider rc2CSP = new RC2CryptoServiceProvider();
string b64mod = HttpUtility.UrlDecode(scrambledMessage);
string b64 = b64mod.Replace('@', '+');
byte[] encrypted = Convert.FromBase64String(b64);
ICryptoTransform decryptor = rc2CSP.CreateDecryptor(ScrambleKey, ScrambleIV);
MemoryStream msDecrypt = new MemoryStream(encrypted);
CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read);
byte[] fromEncrypt = new byte[encrypted.Length - 4];
byte[] length = new byte[4];
csDecrypt.Read(length, 0, 4);
csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length);
int len = (int)length[0] | (length[1] << 8) | (length[2] << 16) | (length[3] << 24);
return textConverter.GetString(fromEncrypt).Substring(0, len);
}
public NameValueCollection DecryptQueryString(string scrambledMessage)
{
string queryString = Decrypt(scrambledMessage);
NameValueCollection result = new NameValueCollection();
char[] splitChar = new char[] { '&' };
char[] equalChar = new char[] { '=' };
foreach (string s in queryString.Split(splitChar))
{
string[] keyVal = s.Split(equalChar, 2);
string key = keyVal[0];
string val = String.Empty;
if (keyVal.Length > 1) val = keyVal[1];
result.Add(key, val);
}
return result;
}
来源错误:第112行。
Line 110: byte[] length = new byte[4];
Line 111: csDecrypt.Read(length, 0, 4);
Line 112: csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length);
Line 113: int len = (int)length[0] | (length[1] << 8) | (length[2] << 16) | (length[3] << 24);
Line 114: return textConverter.GetString(fromEncrypt).Substring(0, len);