Skip to main content

Posts

Showing posts from October, 2012

How to write secure mvc application using encrypting URL

There are lots ways available to write the secure Mvc application. In my experience I came across lots of secure application in public facing. I want to tell about some of the mechanism I followed.
1- encrypting the URL Parameters and preserving id's encrypted on the client side
1- I always make sure if I pass Id or any sensitive data into the view always make sure it's encrypted. By doing so make sure if we forced to use HTML.hidden or HTML.hidden for have the encrypted values, in action link if I pass any parameters from the client side (eg:- edit or create or navigating between different actions we can make sure that all the values are encrypted)
During the design of the actions results if it's http get I usually encrypt the sensitive data
[httpget]
Public actionresult display()
{
TestModel testModel=new TestModel();
testModel.id= encrypt(id);
Return View(testModel);
}
[httppost]
Public ActionResult Display(string id)
{
Guid d_id= new Guid(decrypt(id));
// do operati…