/// <summary> /// This method takes a link and appends to it the secure hash used to validate the query string /// </summary> /// <param name="link">link</param> /// <returns>input link with mac paramater appended</returns> public static string GenerateSecureLink(string link) { string toHash = ""; string[] querystring = null; string[] vars = null; string[] vals = null; if (link.Contains("?")) { querystring = link.Split('?'); vars = querystring[1].Split('&'); foreach (string st in vars) { vals = st.Split('='); toHash += vals[1].ToString(); } } else { querystring = link.Split('?'); vars = querystring[1].Split('='); toHash += vals[1].ToString(); } string hashed = TamperProofString.Hash(toHash + TamperProofString.AccessCode); return(link + "&mac=" + hashed); }
/// <summary> /// This method takes an HttpRequest as a parameter and checks whether the query string parameters have been /// manipulated by the user /// </summary> /// <param name="Request">HttpRequest, used to take the querystring item</param> /// <returns>true if query string is authentic, false otherwise</returns> public static bool ValidateLink(HttpRequest request) { try { if (request.QueryString.Count > 0) { String[] queryKeys = request.QueryString.AllKeys; int queryCount = request.QueryString.Count; string toHash = ""; for (int m = 0; m < queryCount; m++) { if (queryKeys[m] != "mac") { toHash += HttpContext.Current.Server.UrlEncode(request.QueryString[queryKeys[m]]); } } string hashed = TamperProofString.Hash(toHash + TamperProofString.AccessCode); if (hashed != HttpContext.Current.Server.UrlEncode(request.QueryString["mac"])) { return(false); } else { return(true); } } else { return(false); } } catch { return(false); } }