Asp.Net 1.1 - Transparently Encrypting Cookie Data

C

Chris Newby

I'm looking for a way to transparently encrypt cookie data using Asp.Net
1.1.

Ideally, developers could still do things like:

HttpCookie cookie = new HttpCookie( "clearTextKey", "clearTextValue" );
Response.Cookies.Add( cookie );

and ...

Request.Cookies[ "clear text key" ] = "clear text value";

However the useragent would get a cookie that looked like:
securedData={a strong symmetric hash of the string
"clearTextKey=clearTextValue"}

I know how to use the .Net encryption namespaces no problem ... the point
here is *transparency* to the developer. I don't see why developers should
have to do things like:

HttpCookie cookie = new HttpCookie("UserName", "Terminator");
cookie.Expires = DateTime.Now.AddDays(1);
HttpCookie encodedCookie = HttpSecureCookie.Encode(cookie);
Response.Cookies.Add(encodedCookie);

or ...

HttpCookie cookie = Request.Cookies["UserName"];
lblDisplayBefore.Text = cookie.Value;
HttpCookie decodedCookie = HttpSecureCookie.Decode(cookie);

................................................

I suppose what I'm looking for is a way to enc and dec specfic values within
the request and response streams before and after the HttpContext object is
created?

Dunno, I'm looking, but I don't see any way to do this ... I'd like to do
this with query string data as well. Thoughts? Does this maybe get handled
in 2.0 or 3.0?

TIA//
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,990
Messages
2,570,211
Members
46,796
Latest member
SteveBreed

Latest Threads

Top