/// <summary>
/// This method takes a link and appends to it the secure hash used to validate the query string
/// </summary>
/// <param name="link">link</param>
/// <returns>input link with mac paramater appended</returns>
public static string GenerateSecureLink(string link)
{
string toHash = "";
string[] querystring = null;
string[] vars = null;
string[] vals = null;
if (link.Contains("?"))
{
querystring = link.Split('?'); vars = querystring[1].Split('&');
foreach (string st in vars)
{
vals = st.Split('=');
toHash += vals[1].ToString();
}
}
else
{
querystring = link.Split('?');
vars = querystring[1].Split('=');
toHash += vals[1].ToString();
}
string hashed = TamperProofString.Hash(toHash + TamperProofString.AccessCode);
return(link + "&mac=" + hashed);
}
/// <summary>
/// This method takes an HttpRequest as a parameter and checks whether the query string parameters have been
/// manipulated by the user
/// </summary>
/// <param name="Request">HttpRequest, used to take the querystring item</param>
/// <returns>true if query string is authentic, false otherwise</returns>
public static bool ValidateLink(HttpRequest request)
{
try
{
if (request.QueryString.Count > 0)
{
String[] queryKeys = request.QueryString.AllKeys;
int queryCount = request.QueryString.Count;
string toHash = "";
for (int m = 0; m < queryCount; m++)
{
if (queryKeys[m] != "mac")
{
toHash += HttpContext.Current.Server.UrlEncode(request.QueryString[queryKeys[m]]);
}
}
string hashed = TamperProofString.Hash(toHash + TamperProofString.AccessCode);
if (hashed != HttpContext.Current.Server.UrlEncode(request.QueryString["mac"]))
{
return(false);
}
else
{
return(true);
}
}
else
{
return(false);
}
}
catch
{
return(false);
}
}