URL Encryption in MVC Application

In any web application there are always security related problem occurs when user
change something in URL’s value.

Like in URL sending passing any id in navigation from one page to other page to
display relevant data or perform any of the operation.

When passing any sensitive data from navigation then it may problem occurs when use
can change it and hake any of the data.

So better option is store this value in session but every time this is not
possible or good solution to store in session.

So in this article I am taking about URL encryption and decryption with any of the
data.

So we have created below methods for URL encryption and decryption in one the common
class.

public static string URLEncrypt(string toEncrypt)
        {
            string strEncoded = Security.EncryptURL(toEncrypt, true);
            return strEncoded;
        }
        public static string URLDecrypt(string toDecrypt)
        {
            string strDecoded = toDecrypt;
            strDecoded = Security.EncryptURL(strDecoded, true);
            
            return strDecoded;
        }

Here I am using Encryption methods by triple tipple cryptography algorithm.
Below are then complete details of this

http://amitpatelit.wordpress.com/2011/02/25/encrypt-and-decrypt-by-c-code-by-cryptography/

now we have to pass each id with encrypted format, as below given code. This code needs to apply on all available view where we are passing in data id.

@{
        string EncryptID = "";
        EncryptID = Security.URLEncrypt(item.ID.ToString());
}           
   @Html.ActionLink("Edit", "Edit", new { id= EncryptID }) |
   @Html.ActionLink("Details", "Details", new { id= EncryptID }) |
   @Html.ActionLink("Delete", "Delete", new { id= EncryptID })

And this passed ID need to decrypt in controller before use in actual logic.

public ActionResult Edit(string id)
{
	long intid = Convert.ToInt64(Security.URLDecrypt(id));

            Language language = db.Language.Find(intid);
            return View(language);
}

That above decryption need to apply all available methods where we have encrypted passed id.

So In this way you ULR will be secured with pass any kind of data in encryption format.

Thanks,
Amit Patel
“Enjoy Programming”

About these ads
Follow

Get every new post delivered to your Inbox.

Join 238 other followers