A Programmer with Microsoft tools

MVC 5 encrypt parameters

 

This is an old idea that I was having. The problem was that,for many people,showing the parameters in MVC is not something that they want . For example. suppose that we have this action

 

public ActionResult TestEncrypt(int id,int a,string b)

 

The this action can be activated by putting in the Razor cshtml file this

 

<a href=’@Url.Action("TestEncrypt",new { id=7,a = 1,b = "asd" })’>Test</a>

 

that will generate this URL :

http://mvc5encrypt.apphb.com/Home/TestEncrypt/7?a=1&b=asd .

The parameters are passed in clear text ( a is 1 and b is asd). What if I want to encrypt those into the URL,

http://mvc5encrypt.apphb.com/Home/TestEncrypt/7?a=EAAAAHT3XGpsOow%2f2Wto%2fho1C3Bmy1kTFnBosorsrt9X3Eqj&b=EAAAADbjm%2bS8NDAKqznGI%2bzF02oOAY9wf24SFyFxPxbCu0ea

 

but receive in the Action the default values ( 1 and asd)?

Enter MVC5Encrypt

What you have to do is modify slightly the code in the .cshtml and add an attribute to the Action

 

<a href=’@Url.ActionEnc("mySecret","TestEncrypt",new { id=7,a = 1,b = "asd" })’>Test</a>

 

and the action will be

[MVCDecryptFilter(secret = &amp;quot;mySecret&amp;quot;)]   
public ActionResult TestEncrypt(int id,int a,string b)

 

You can see into action at

http://mvc5encrypt.apphb.com/Home/TestEncrypt/7?a=EAAAAHT3XGpsOow%2f2Wto%2fho1C3Bmy1kTFnBosorsrt9X3Eqj&b=EAAAADbjm%2bS8NDAKqznGI%2bzF02oOAY9wf24SFyFxPxbCu0ea

 

FAQ:

1.  What is “mysecret”?

See code on http://stackoverflow.com/questions/202011/encrypt-and-decrypt-a-string that I shameless copied.

 

2. What about backward compatibility ( i.e.,old links will function ) ?

Yes if you do not already encode in base64 ( default class encrypter knows if the parameter value is in base64 ) . See

http://mvc5encrypt.apphb.com/Home/TestEncrypt/7?a=1&b=asd 

 

3. What about extending this with a custom encrypt class ?

You can – see this function

 

public static string ActionEnc(this UrlHelper helper,IEncryptDecrypt encDec,string actionName,object routeValues)

 

4. What about extending this to route parameters ( e.g. http://localhost/Person/Edit/5  – the 5 parameter is in the route and not encrypted ) ?

Glad you ask. Please fill an feature request on github

5. More details ? 

Sources on GitHub : https://github.com/ignatandrei/MVC5Encrypt

Demo at http://mvc5encrypt.apphb.com/ 

NuGet at https://www.nuget.org/packages/MVC5Encrypt/

( Other solution is to use http://madskristensen.net/post/httpmodule-for-query-string-encryption)

Posted

in

,

by

ignatandrei

Tags:

Comments

11 responses to “MVC 5 encrypt parameters”

  1. Archie Vincent Avatar
    Archie Vincent

    Why not use Post?

    Reply
    1. Andrei Ignat Avatar
      Andrei Ignat

      You could also use POST, if you want

      Reply
    2. reza Avatar
      reza

      Not working in mvc 5.2.7 !

      Reply
      1. Andrei Ignat Avatar
        Andrei Ignat

        What is your code ?

        Reply
  2. Jv Avatar
    Jv

    Very Nice!
    just a quick question what if you want to use protocol: Request.Url.Scheme? just like what you have for url.action()?

    Reply
  3. Naveen Avatar
    Naveen

    Do you this library for .NET Core?

    Reply
    1. Andrei Ignat Avatar
      Andrei Ignat

      I will do it 😉

      Reply
  4. kuldeep nageshwar Avatar
    kuldeep nageshwar

    ‘System.Web.Mvc.UrlHelper’ does not contain a definition for ‘ActionEnc’ and no extension method ‘ActionEnc’ accepting a first argument of type ‘System.Web.Mvc.UrlHelper’ could be found (are you missing a using directive or an assembly reference?)

    Reply
  5. Aqua Avatar
    Aqua

    How would you do that to create a URL for another Area/Controller? I guess this only works with the controller under same area.

    Reply
  6. Aqua Avatar
    Aqua

    Can you push this on github

    ///
    /// default implementation
    ///
    ///
    ///
    ///
    ///
    ///
    ///
    public static string ActionEnc(this UrlHelper helper, string secret, string actionName, string controllerName, object routeValues)
    {
    var encDec = new EncryptDecrypt(secret);
    return ActionEnc(helper, encDec, actionName,controllerName, routeValues);
    }

    public static string ActionEnc(this UrlHelper helper, IEncryptDecrypt encDec, string actionName, string controllerName, object routeValues)
    {

    var url = helper.Action(actionName, controllerName, routeValues);
    var index = url.IndexOf(“?”);
    if (index == -1)
    return url;
    var uri = new Uri(url, UriKind.RelativeOrAbsolute);
    Uri absoluteUri;
    if (uri.IsAbsoluteUri)
    {
    absoluteUri = uri;
    }
    else
    {
    absoluteUri = new Uri(new Uri(“http://msprogrammer.serviciipeweb.ro/”), uri);
    }
    var q = absoluteUri.Query;
    var args = HttpUtility.ParseQueryString(q);
    if (args.Count == 0)
    {
    return url;
    }

    for (int i = 0; i < args.Count; i++)
    {
    var key = args.GetKey(i);
    args[key] = encDec.EncryptString(args[i]);
    }
    url = url.Substring(0, index + 1);
    return url + args.ToString();
    }

    Reply
    1. Andrei Ignat Avatar
      Andrei Ignat

      Could you fork and make a pull request ? I wonder what are the differences and why

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *