C
Chris Newby
I'm looking for a way to transparently encrypt cookie data using Asp.Net
1.1.
Ideally, developers could still do things like:
HttpCookie cookie = new HttpCookie( "clearTextKey", "clearTextValue" );
Response.Cookies.Add( cookie );
and ...
Request.Cookies[ "clear text key" ] = "clear text value";
However the useragent would get a cookie that looked like:
securedData={a strong symmetric hash of the string
"clearTextKey=clearTextValue"}
I know how to use the .Net encryption namespaces no problem ... the point
here is *transparency* to the developer. I don't see why developers should
have to do things like:
HttpCookie cookie = new HttpCookie("UserName", "Terminator");
cookie.Expires = DateTime.Now.AddDays(1);
HttpCookie encodedCookie = HttpSecureCookie.Encode(cookie);
Response.Cookies.Add(encodedCookie);
or ...
HttpCookie cookie = Request.Cookies["UserName"];
lblDisplayBefore.Text = cookie.Value;
HttpCookie decodedCookie = HttpSecureCookie.Decode(cookie);
................................................
I suppose what I'm looking for is a way to enc and dec specfic values within
the request and response streams before and after the HttpContext object is
created?
Dunno, I'm looking, but I don't see any way to do this ... I'd like to do
this with query string data as well. Thoughts? Does this maybe get handled
in 2.0 or 3.0?
TIA//
1.1.
Ideally, developers could still do things like:
HttpCookie cookie = new HttpCookie( "clearTextKey", "clearTextValue" );
Response.Cookies.Add( cookie );
and ...
Request.Cookies[ "clear text key" ] = "clear text value";
However the useragent would get a cookie that looked like:
securedData={a strong symmetric hash of the string
"clearTextKey=clearTextValue"}
I know how to use the .Net encryption namespaces no problem ... the point
here is *transparency* to the developer. I don't see why developers should
have to do things like:
HttpCookie cookie = new HttpCookie("UserName", "Terminator");
cookie.Expires = DateTime.Now.AddDays(1);
HttpCookie encodedCookie = HttpSecureCookie.Encode(cookie);
Response.Cookies.Add(encodedCookie);
or ...
HttpCookie cookie = Request.Cookies["UserName"];
lblDisplayBefore.Text = cookie.Value;
HttpCookie decodedCookie = HttpSecureCookie.Decode(cookie);
................................................
I suppose what I'm looking for is a way to enc and dec specfic values within
the request and response streams before and after the HttpContext object is
created?
Dunno, I'm looking, but I don't see any way to do this ... I'd like to do
this with query string data as well. Thoughts? Does this maybe get handled
in 2.0 or 3.0?
TIA//