Monday, 3 May 2004

'Securing' data on client round-trips

When my website users go 'off-site' I want to set some information that I can check later, with some confidence that they have not altered it.

OK, I can put it in a Session variable, but I don't have Sessions enabled. What I want to do is encrypt a little chunk of data which can be added to the ViewState, hidden FORM field or Cookie (ie. it will be "client/transport implementation independent"), and check it again later on...

I think these two articles: String Encryption With Visual Basic .NET and Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication might be what I'm looking for... perhaps using Base64 if there's binary data being generated.

If I get it working I'll post it here (as always)

No comments:

Post a Comment

Note: only a member of this blog may post a comment.