Skip to main content

How to write secure mvc application using encrypting URL

There are lots ways available to write the secure Mvc application. In my experience I came across lots of secure application in public facing. I want to tell about some of the mechanism I followed.
1- encrypting the URL Parameters and preserving id's encrypted on the client side
1- I always make sure if I pass Id or any sensitive data into the view always make sure it's encrypted. By doing so make sure if we forced to use HTML.hidden or HTML.hidden for have the encrypted values, in action link if I pass any parameters from the client side (eg:- edit or create or navigating between different actions we can make sure that all the values are encrypted)
During the design of the actions results if it's http get I usually encrypt the sensitive data
[httpget]
Public actionresult display()
{
TestModel testModel=new TestModel();
testModel.id= encrypt(id);
Return View(testModel);
}
[httppost]
Public ActionResult Display(string id)
{
Guid d_id= new Guid(decrypt(id));
// do operation with id
// edit, view, create
String e_id=encrypt(d_id);
Return RedirectToAction{"edit", e_id);
}
By following above encryption mechanism In view if you use the following code
<%:html.hiddenfor(model=>model.id);%>
Or  <%:html.hidden("id", Model.id);%>
Also we can make sure that the id won't be visible to the public.
Thanks
Adarsh

Comments

Post a Comment

Popular posts from this blog

How to add a stored procedure in Entity Framework

Step1- Open the .edmx file
Step2- Right click in .edmx file and select Update Model from Database


Step3- Select Add tab, select Stored Procedures and select the procedure you want to add and click finish as shown in below figure a

Step4- Build the Entity Project to make sure nothing is broke

Step5- Right click on .edmx file and  select Model Browser



Step6- Model Browser Popup will appear as  below figure. Click on the Strored Procedures in PricingToolModel.Stroe and click the newly added SP (it will appear here)
Step7- The Add Function Import screen will appear

Based on the return we can set up.

If you are returning a multiple column Click on the Get Column Information First, then click the new Complex Type. After that you can see the Return of Collection will select the Complex and a complex type is generated by EF

If its returning scalar you can select which return type like int, string etc...

If its return entitty (means table) please select the correct table from the list..

Click…
Post a Comment
Read more

Can we store wifi and use it later?

I started using WIFI almost 8 years back (in 2006) when I moved to the UK. Before that, during the engineering degree I studied about WIFI energetically for achieving grades. Nowadays it’s a common friend and every day without her presence, it is awful to envisage. One day my data allowance on the mobile run out and I want to go to an event in central London and want to use the GPS. I had to take map printout and follow the route. I depend a lot on GPS navigation rather than a paper map. So I reached the location half an hour later in the event. Eventually I missed the event and while walking back to the tube station I was thinking about storing the WIFI somehow and using it later, like a battery. People might think why can’t I carry a portable modem and a laptop, but I am thinking about much sophisticated device than that like a battery for the phone. Did anyone think about a life without batteries now? It is there since most of us on this planet born. In 1749 Benjamin Franklin firs…
Post a Comment
Read more