Skip to main content

How to write secure mvc application using encrypting URL

There are lots ways available to write the secure Mvc application. In my experience I came across lots of secure application in public facing. I want to tell about some of the mechanism I followed.
1- encrypting the URL Parameters and preserving id's encrypted on the client side
1- I always make sure if I pass Id or any sensitive data into the view always make sure it's encrypted. By doing so make sure if we forced to use HTML.hidden or HTML.hidden for have the encrypted values, in action link if I pass any parameters from the client side (eg:- edit or create or navigating between different actions we can make sure that all the values are encrypted)
During the design of the actions results if it's http get I usually encrypt the sensitive data
[httpget]
Public actionresult display()
{
TestModel testModel=new TestModel();
testModel.id= encrypt(id);
Return View(testModel);
}
[httppost]
Public ActionResult Display(string id)
{
Guid d_id= new Guid(decrypt(id));
// do operation with id
// edit, view, create
String e_id=encrypt(d_id);
Return RedirectToAction{"edit", e_id);
}
By following above encryption mechanism In view if you use the following code
<%:html.hiddenfor(model=>model.id);%>
Or  <%:html.hidden("id", Model.id);%>
Also we can make sure that the id won't be visible to the public.
Thanks
Adarsh

Comments

Post a Comment

Popular posts from this blog

Compiled Query- Improve the performance of Linq to Entity Query

Most of the small or medium IT firms are using the Entity framework for the Data Access layer (DAL). If we write a complex linq to Entity queries performance will always be an issue. But with the Compiled Query Performance can be improved. This below definitions are from MSDN and more details can be found on the MSDN Link that is at the end of this post           When you have an application that executes structurally similar queries many times in the Entity Framework, you can frequently increase performance by compiling the query one time and executing it several times with different parameters. For example, an application might have to retrieve all the QuoteRevision for a particular quotelineStatus, the quotelinestatus is specified at runtime. LINQ to Entities supports using compiled queries for this purpose.               The  compiled query class provides compilation and caching of queries for reuse . Co...
1 comment
Read more

Sql Server Internals - Named Pipes

Named pipes enables clients applications to request a reliable and two way connection between the client application and Sql Server, across a network. A named pipe has a name which follows the UNC naming convention : \\Server\pipe\name The default names pipe for SQL server is :                 \\Server\pipe\sql\query A named instance would have a named pipe of                \\server\pipe\MSSQL$instancename\sql\query Early versions of SQL Server only provided Named Pipes. Named Pipes also allows for impersonation of a clients credentials. The feature is used by SQL server when using Linked Servers. The clients logon credentials are passed across to the Linked Server for authentication. Named Pipes can operate over TCP/IP, NETBEUI or IPX as it indirectly relies on the Common Internet Files Sytems
Post a Comment
Read more

SRT THE REAL HERO

Lets Start with something quite interesting. So I am selecting SRT ( As an Indian too much dedicated towards cricket). For me cricket means Sachin . When ever Sachin is in crease i never looks the score. Like to see Sachin plays at least 35 to 40 overs. Usually by that time he will reach his century. My passion is to study the statistics of Sachin. You know Sachin looks almost 72 games to hit his first century. After 17 years now ( more than 350 matches he played after) he had 46 ODI century, what an amazing batsman. Till 1992 -1993 if you looks his ODI average its in late twenties. But now its after that 350 matches now more than 45 . I know one thing Sachin will play till his wish. I like to see him score more than 100 odi century( Sachin personally enjoys this). Its not a barrier , but a guy got that much passion towards game can achieve it. I always ideals Sachin. While i am working and have difficult situations, I always think how Sachin played 137 against Australia ( dessert ...
2 comments
Read more