Register  Login  
  February 9, 2012  
Home

Modules
       SQLGridSelectView
          User Guide
          Examples
             Stored Procedure
             Google Scan
             Referrals
             Links
             Inter-module Communication 
       MenuLinks
          User's Guide
       SQLChart
          User Guide
          Sample Chart
          Sample Chart - Columns
          Sample Chart - Columns - 3D
          Sample Chart - Area
          Sample Chart - Stacked Column
          Sample Chart - Bar
       T-Minus V5.0
          User Guide
       XMLdb V5.5
          User Guide
       Simple Query
          Users Guide
       ThermoChart
          User Guide

Blog

Forum

Subscriptions

Free Modules
       SQLGridSelectedView V4.1
          User Guide
          Examples
             Stored Procedure
             Google Scan
             Referrals
             Links
          DownLoads
       T-Minus V3.1
          DownLoads
       XMLdb V3.5
          Downloads
          NorthWind Customer Paging Example
       SQLChart V3.0
          Downloads
       IFrame64 V1.0
          Downloads
          User Guide
       Other Files
          Download

Videos
Forum    
Forum Minimize
 
ForumForumDiscussionsDiscussionsGeneralGeneralIframe64Iframe64
Previous Previous
 
Next Next
New Post
 8/16/2009 8:37 AM
 
Karim
No Ranking

Joined: 8/13/2009
Posts: 1

hi,

I have a question about the iframe64 module. What encryption routine are you using? is it SHA1, CRC32 etc. I want to build the decryptor in the target pages.

Thanks
New Post
 8/16/2009 10:23 PM
 
Paul (Admin)
1st Level Poster

Joined: 11/1/2005
Posts: 498
 Modified By Paul (Admin) on 8/16/2009 6:33:51 PM

Good point .. I need to give some examples of how to do this..

Luckly it is very simple .. For encryption.  I used the default encryption enable by DotNetNuke.  So that the encrypted string and pass to  DotNetNuke.Common.Utilities.UrlUtils.DecryptParameter.  Simple.

Similarly if you are using Base64 just to blur the parameters use Convert.FromBase64String to convert the Base64 encoded string into clear text.

Hope this helps
Paul.
New Post
 10/4/2009 12:26 PM
 
iqworks
No Ranking

Joined: 10/3/2009
Posts: 5

  Hi, 
      IFrame64 was just what I was looking for, but I am having issues with decription.

      I am trying to use the UrtUtils.DecryptParameter. I keep getting Null value errors. Here is my scenerio.    
      I have my IFrame64 set up with

     must be logged in checked.
     Encoding of Parameter Values: Encrypt
     Separator : &
     Query string is :
     Name : data     value : Static Value    the value is : "Goals"

     In Debug, this is what the qrystring looks like:
    "  Context.Request.QueryString {data=7KTwbwY6KIo%3d}  "

    This is how I am using he DecryptParameter :

   string ddata = UrlUtils.DecryptParameter(Context.Request.QueryString["data"]).ToString();    Here is the error I am getting.

 

Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error: 

Line 40:               /*string RETURNS FULL STRING ! - */
Line 41:               // string datta = Server.UrlEncode(Request.QueryString["data"].ToString());
Line 42:                string ddata = UrlUtils.DecryptParameter(Context.Request.QueryString["data"]).ToString(); 
Line 43: 
Line 44:                //string datta = Page.Request.QueryString["data"];

Source File: c:\IQSys\iqDNN\mybodyscience\MBSLegacy\MBS_Traffic2.aspx    Line: 42

   I am just wondering If I am using the DecryptParameter correctly ?  The searches I have made look like I am.
   I did notice that when I look at what appears to be the source for this DecryptParameter Method, that it does get the GUID, but then it seems like it is getting what it
wants for a key before it calls objSecurity.Decrypt( strKey, Value );
   This is a sample : 

Should I be using something else to decrypt maybe ? 
Thanks for any advice

public static string DecryptParameter( string Value )

{

PortalSettings _portalSettings = PortalController.GetCurrentPortalSettings();

string strKey = _portalSettings.GUID.ToString(); // restrict the key to 6 characters to conserve space

PortalSecurity objSecurity = new PortalSecurity();

return objSecurity.Decrypt( strKey, Value );

}
New Post
 10/4/2009 8:16 PM
 
Paul (Admin)
1st Level Poster

Joined: 11/1/2005
Posts: 498

Hi,

On quick review, I believe the ".tostring" is not required. 

Paul.
New Post
 10/4/2009 11:14 PM
 
iqworks
No Ranking

Joined: 10/3/2009
Posts: 5

  Hi Paul,
      I am new to dotnetnuke and C# / .NET for that matter. 
      I think it may be more than just the toString because I have tried it without the toString.
       I could be wrong, but from what I have read, it seems like when the IFrame launches this aspx file, it is said to be out of the dotnetnuke process, so it seems that some dotnetnuke classes become unavailable in this scenerio ?  So, it cant even see the UrlUtils class ?  

      When I tried it in a class I have in the app_code folder, I got a different error.

      So my questions now becomes, 
      1) you are using 3DES, correct ?
      2) did I think correctly about the aspx file being out of the dotnetnuke process when it is launched by IFrame ?
      3) Would you or anyone out there have a sample of a good decryption snippet to use with IFrame64 ?
      4) If you use base64, is it a common algorithem that can be used by someone to decrypt your URL ?

   thanks for for your time

 
New Post
 10/5/2009 6:07 PM
 
iqworks
No Ranking

Joined: 10/3/2009
Posts: 5

  Hi Paul,

       I am really trying to use this IFrame64. 
       I cannot figure out how to decrypt it.
       Are there any clues on how to decrypt your product ?  If I cannot decrypt it, I cannot use it.
       What did you mean by sitekey - did you mean the DecryptionKey from the web.config, the GUID or ??
       I guess your code is proprietory, so, can you give a clue as to what classes you are using to encrypt ?
       I am new to C# / .NET, so, I am a bit lost here ?

  thanks  
New Post
 10/5/2009 9:22 PM
 
Paul (Admin)
1st Level Poster

Joined: 11/1/2005
Posts: 498

Developing Modules for DNN can be a bit difficult if you get off to a bad start.

I would recommend you look at the Module Development book by Mitchel Sellers as it is a good introduction.  He uses the Web Application (WAP) method of development as do I.  I develop in VB.NET and find the combination very easy once you get going.

As for the decryption of the encrypted query parameters -- you should just need something like the following:

  sParameter = UrlUtils.DecryptParameter(sEncryptedParameter)

Notice, no need for the tostring.

Hopes this helps.
Paul.
New Post
 10/9/2009 10:52 PM
 
iqworks
No Ranking

Joined: 10/3/2009
Posts: 5

 

Hi Paul,

I think I may be doing something wrong, so here are your instructions ....

Encoding of parameter is set to none by default, however this can be changed to Base64 encoding or to

Create a Single Parameter

defined. All the key-value pairs will be combined into a single string and Base64 Encoded.
 

when enabled will create a single parameter for all the key-values pairs


There are to many ways to encrypt and decrypt. To decrypt, it seems like you must use many of the same variables (key, IV, how the input is turned into bytes, etc), as was used during encryption.

The only way to guarantee I am decrypting correctly is if it works, it helps though if I know how the data was encrypted in the first place.
 

As for the use of the UrlUtils.DecryptParameter , the problem is that when a DNN IFrame launches its aspx or html, it does so

in a new thread. There are TONS of information, issues and problems on the web about this. When a new Thread is created in this IFrame scenerio, the HTTPContext.Items looses the ["PortalSettings"] item. The UrlUtils.DecryptParameter method needs at least the GUID from this or it bombs. So I dont understand how you used it in an IFrame scenerio ?

I am thinking that you may of used the UrlUtils.EncryptParameter ? When you did, of course it worked because you where in the Main Thread before
IFrame64 launched the aspx or html page from the IFrame with the newly encrypted parameter. But as I said, once the page is launched, it is in a whole new

thread so the Decrypt parameter does not appear to work.
 

Since you are not saying what you are using or how you are encrypting your data. This leaves this rookie at a disadvantage.

I have tested IFrame64 by running it with "Encoding of Parameter Values: None". I encrypted the value and decrypted it correctly using System.Security.Cryptography, TripleDESCryptoServiceProvider. The key I used was the MachineKey DecriptionKey from my web.config.

 

So, I have to ask myself, why can I encrypt and decrypt an IFrame64 "Encoding of Parameter Value: None". I used my sitekey (which

I think is suppose to be my MachineKey DecryptionKey), but I cannot decrypt the IFrame64 "Encoding of Parameter Value: Encrypt".


 

This is what I used for testing all of the scenerios I mentioned above ....

 

{

 

public static string Decrypt3DES(string EncryptedText, string DecryptionKey)// byte[] EText = System.Text.Encoding.UTF8.GetBytes(EncryptedText);

 

 

 

 

 

InitializationVector),

CStream.Write(EText, 0, EText.Length);

CStream.FlushFinalBlock();

System.Text.

 

}

Anyway, I have to think that if I can encrypt and decrypt a non encrypted value from IFrame64 using base64, then it must be something else that can only be determined by

knowing exactly how the data gets encrypted. Since the Encryption is based on my sitekey,

the logic should not pose any proprietary problems, if so, then your encryption cant be as simple as one of the standard API's, I am confused about why I should not be able to get that from you ?

I wish i could use your IFrame64, it was a great way to solve my problem. But, again,

its probably me not knowing what I am doing.

thanks

byte[] EText = Convert.FromBase64String(EncryptedText);byte[] DKey = System.Text.Encoding.UTF8.GetBytes(DecryptionKey);MemoryStream MStream = new MemoryStream();TripleDESCryptoServiceProvider CSProvider = new TripleDESCryptoServiceProvider();CryptoStream CStream = new CryptoStream(MStream, CSProvider.CreateDecryptor(DKey, CryptoStreamMode.Write);Encoding NCoding = System.Text.Encoding.UTF8;return NCoding.GetString(MStream.ToArray());I will buy the book suggested.

Encryption. The Encryption is based on the site keys associated with each individual Dotnetnuke site.
New Post
 10/9/2009 11:04 PM
 
iqworks
No Ranking

Joined: 10/3/2009
Posts: 5

  Man that came out terrible, i tried to cut and paste from an rtf document into this editor, dont know what happened there. I am just striking out with this site all the way around :-)
  Let me try to at least give you the code I used to test everything....  

public static string Decrypt3DES(string EncryptedText, string DecryptionKey)

{

// byte[] EText = System.Text.Encoding.UTF8.GetBytes(EncryptedText);
byte[] EText = Convert.FromBase64String(EncryptedText);

byte[] DKey = System.Text.Encoding.UTF8.GetBytes(DecryptionKey);

MemoryStream MStream = new MemoryStream();

TripleDESCryptoServiceProvider CSProvider = new TripleDESCryptoServiceProvider();

CryptoStream CStream = new CryptoStream(MStream, CSProvider.CreateDecryptor(DKey,

InitializationVector), CryptoStreamMode.Write);

CStream.Write(EText, 0, EText.Length);

CStream.FlushFinalBlock();

System.Text.Encoding NCoding = System.Text.Encoding.UTF8;

return NCoding.GetString(MStream.ToArray());

}
 

 

 

 
 Page 1 of 1
Previous Previous
 
Next Next
ForumForumDiscussionsDiscussionsGeneralGeneralIframe64Iframe64

Print  

  Home | Blog | Forum | Subscriptions | Free Modules | Videos   Page generated in 0.2036333 seconds.
  Copyright 2010 by TressleWorks   Terms Of Use | Privacy Statement