Introduction
Knowledge Base
Controls / Script Manager / Encrypt Telerik WebResource Querystring
New to Telerik UI for ASP.NET AJAXStart a free 30-day trial

Encrypt Telerik WebResource Querystring

Updated on May 9, 2025

You can choose to encrypt the querystring parameters that the Telerik WebResource request has in order to make them unreadable for a third party inspecting the network traffic as of Q3 2015.

This feature affects RadScriptManager and RadStyleSheetManager, and the Telerik.Web.UI.WebResoruce.axd handler.

Example 1: Enable Telerik WebResource querystring encryption.

web.config
<appSettings>
	<add key="Telerik.ScriptManager.EnableHandlerEncryption" value="true"/>
</appSettings>

You must also ensure that the encrypted URL will not be trimmed which will break the request.

Example 2: Increasing the maximum querystring length and URL length for an application:

web.config
. . . .
<httpRuntime maxRequestLength="204800" executionTimeout="36000" maxQueryStringLength="4096"/>
. . . .
<security>
	<requestFiltering>
		<requestLimits maxAllowedContentLength="209715200" maxQueryString="4096" maxUrl="4096" />
	</requestFiltering>
</security>

See Also

Here is the whole web.config file:

XML
<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="Telerik.ScriptManager.EnableHandlerEncryption" value="true"/>
    <add key="Telerik.Skin" value="Bootstrap" />
    <add key="Telerik.ScriptManager.TelerikCdn" value="Disabled" />
    <add key="Telerik.StyleSheetManager.TelerikCdn" value="Disabled" />
    <add key="Telerik.Web.UI.RenderMode" value="lightweight" />
  </appSettings>
  <system.web>
    <compilation debug="false" targetFramework="4.8.1" />
    <httpRuntime targetFramework="4.8.1" maxRequestLength="204800" executionTimeout="36000" maxQueryStringLength="4096"/>
    <pages>
      <controls>
        <add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
      </controls>
    </pages>
    <httpHandlers>
      <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false" />
      <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
      <add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" />
      <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
    </httpHandlers>
  </system.web>

  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="209715200" maxQueryString="4096" maxUrl="4096" />
      </requestFiltering>
    </security>
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <remove name="Telerik_Web_UI_SpellCheckHandler_axd" />
      <add name="Telerik_Web_UI_SpellCheckHandler_axd" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" preCondition="integratedMode" />
      <remove name="Telerik_Web_UI_DialogHandler_aspx" />
      <add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode" />
      <remove name="Telerik_RadUploadProgressHandler_ashx" />
      <add name="Telerik_RadUploadProgressHandler_ashx" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" preCondition="integratedMode" />
      <remove name="Telerik_Web_UI_WebResource_axd" />
      <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</configuration>

You can find more information in the Security article and Setting the web.config File articles.

In this article
See Also
Not finding the help you need?
Contact Support