
How to write a secure MVC application by encrypting URL parameters

There are many ways to write a secure MVC application. In my experience I have come across many secure public-facing applications, and I want to describe some of the mechanisms I have followed.
1- Encrypting the URL parameters and keeping IDs encrypted on the client side
Whenever I pass an ID or any other sensitive data into a view, I make sure it is encrypted. That way, if we have to use Html.Hidden or Html.HiddenFor, the hidden field holds the encrypted value, and any parameter passed from the client side in an action link (e.g. edit, create, or navigating between different actions) is encrypted as well.
When designing the action results, if the action is an HTTP GET I usually encrypt the sensitive data:
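[HttpGet]
public ActionResult Display()
{
    TestModel testModel = new TestModel();
    // id: the record's real identifier, known only on the server
    testModel.id = encrypt(id);
    return View(testModel);
}

[HttpPost]
public ActionResult Display(string id)
{
    // Decrypt the value posted back from the client
    Guid d_id = new Guid(decrypt(id));
    // do operation with id
    // edit, view, create
    string e_id = encrypt(d_id.ToString());
    // Pass the encrypted id as a route value; a bare second string
    // argument would be treated as the controller name.
    return RedirectToAction("edit", new { id = e_id });
}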
With the encryption mechanism above in place, you can use either of the following in the view:
<%: Html.HiddenFor(model => model.id) %>
or
<%: Html.Hidden("id", Model.id) %>
This also ensures that the real id is not visible to the public.
Thanks
Adarsh
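
The post does not show its encrypt() and decrypt() helpers. The block below is an added example, not the author's code, of one way to back them for a Guid id using ASP.NET's MachineKey API. It assumes .NET Framework 4.5 or later; the class name IdProtector and the purpose string are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the post): protects a record id so that the
// value placed in a hidden field or URL is both encrypted and tamper-evident.
public static class IdProtector
{
    // Constructed purpose string: a token protected for this purpose cannot
    // be replayed against code that unprotects with a different purpose.
    private const string Purpose = "Display.RecordId";

    public static string Encrypt(Guid id)
    {
        // MachineKey.Protect encrypts and signs with the application's machineKey.
        byte[] protectedBytes = MachineKey.Protect(id.ToByteArray(), Purpose);
        // URL-safe encoding so the token survives query strings and route values.
        return HttpServerUtility.UrlTokenEncode(protectedBytes);
    }

    // Returns false instead of throwing when the token is missing, malformed
    // or modified, so the action can answer with a 400 rather than a 500.
    public static bool TryDecrypt(string token, out Guid id)
    {
        id = Guid.Empty;
        if (string.IsNullOrEmpty(token)) return false;
        try
        {
            byte[] protectedBytes = HttpServerUtility.UrlTokenDecode(token);
            if (protectedBytes == null) return false;
            byte[] raw = MachineKey.Unprotect(protectedBytes, Purpose);
            if (raw == null || raw.Length != 16) return false;
            id = new Guid(raw);
            return true;
        }
        catch (CryptographicException) { return false; } // signature check failed
        catch (FormatException) { return false; }        // not valid token encoding
    }
}
```

In the POST action, call IdProtector.TryDecrypt(id, out d_id) and return new HttpStatusCodeResult(400) when it fails. The decrypted id still goes through the same authorization check as any other record lookup, since a valid token only proves the server issued it.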
