MVC 5 encrypt parameters
This is an old idea that I was having. The problem was that , for many people, showing the parameters in MVC is not something that they want . For example. suppose that we have this action
public ActionResult TestEncrypt(int id, int a, string b)
The this action can be activated by putting in the Razor cshtml file this
<a href=’@Url.Action("TestEncrypt", new { id=7, a = 1, b = "asd" })’>Test</a>
that will generate this URL :
http://mvc5encrypt.apphb.com/Home/TestEncrypt/7?a=1&b=asd .
The parameters are passed in clear text ( a is 1 and b is asd). What if I want to encrypt those into the URL ,
but receive in the Action the default values ( 1 and asd)?
Enter MVC5Encrypt
What you have to do is modify slightly the code in the .cshtml and add an attribute to the Action
<a href=’@Url.ActionEnc("mySecret", "TestEncrypt", new { id=7, a = 1, b = "asd" })’>Test</a>
and the action will be
[MVCDecryptFilter(secret = "mySecret")] public ActionResult TestEncrypt(int id, int a, string b)
You can see into action at
FAQ:
1. What is “mysecret”?
See code on http://stackoverflow.com/questions/202011/encrypt-and-decrypt-a-string that I shameless copied.
2. What about backward compatibility ( i.e., old links will function ) ?
Yes if you do not already encode in base64 ( default class encrypter knows if the parameter value is in base64 ) . See
http://mvc5encrypt.apphb.com/Home/TestEncrypt/7?a=1&b=asd
3. What about extending this with a custom encrypt class ?
You can – see this function
public static string ActionEnc(this UrlHelper helper, IEncryptDecrypt encDec, string actionName, object routeValues)
4. What about extending this to route parameters ( e.g. http://localhost/Person/Edit/5 – the 5 parameter is in the route and not encrypted ) ?
Glad you ask. Please fill an feature request on github
5. More details ?
Sources on GitHub : https://github.com/ignatandrei/MVC5Encrypt
Demo at http://mvc5encrypt.apphb.com/
NuGet at https://www.nuget.org/packages/MVC5Encrypt/
( Other solution is to use http://madskristensen.net/post/httpmodule-for-query-string-encryption)
Why not use Post?
You could also use POST, if you want
Not working in mvc 5.2.7 !
What is your code ?
Very Nice!
just a quick question what if you want to use protocol: Request.Url.Scheme? just like what you have for url.action()?
Do you this library for .NET Core?
I will do it 😉
‘System.Web.Mvc.UrlHelper’ does not contain a definition for ‘ActionEnc’ and no extension method ‘ActionEnc’ accepting a first argument of type ‘System.Web.Mvc.UrlHelper’ could be found (are you missing a using directive or an assembly reference?)
How would you do that to create a URL for another Area/Controller? I guess this only works with the controller under same area.
Can you push this on github
///
/// default implementation
///
///
///
///
///
///
///
public static string ActionEnc(this UrlHelper helper, string secret, string actionName, string controllerName, object routeValues)
{
var encDec = new EncryptDecrypt(secret);
return ActionEnc(helper, encDec, actionName,controllerName, routeValues);
}
public static string ActionEnc(this UrlHelper helper, IEncryptDecrypt encDec, string actionName, string controllerName, object routeValues)
{
var url = helper.Action(actionName, controllerName, routeValues);
var index = url.IndexOf(“?”);
if (index == -1)
return url;
var uri = new Uri(url, UriKind.RelativeOrAbsolute);
Uri absoluteUri;
if (uri.IsAbsoluteUri)
{
absoluteUri = uri;
}
else
{
absoluteUri = new Uri(new Uri(“http://msprogrammer.serviciipeweb.ro/”), uri);
}
var q = absoluteUri.Query;
var args = HttpUtility.ParseQueryString(q);
if (args.Count == 0)
{
return url;
}
for (int i = 0; i < args.Count; i++)
{
var key = args.GetKey(i);
args[key] = encDec.EncryptString(args[i]);
}
url = url.Substring(0, index + 1);
return url + args.ToString();
}
Could you fork and make a pull request ? I wonder what are the differences and why