Hi Guys,
This time I had a requirement to Encrypt the request string parameters before passing them to the Controller's method. After referring this solution, I made this solution I hope you like it.
1) SecurityHelper
public class SecurityHelper
{
public static string Encrypt(string plainText)
{
string key = "jdsg432387#";
byte[] EncryptKey = { };
byte[] IV = { 55, 34, 87, 64, 87, 195, 54, 21 };
EncryptKey = System.Text.Encoding.UTF8.GetBytes(key.Substring(0, 8));
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
byte[] inputByte = Encoding.UTF8.GetBytes(plainText);
MemoryStream mStream = new MemoryStream();
CryptoStream cStream = new CryptoStream(mStream, des.CreateEncryptor(EncryptKey, IV), CryptoStreamMode.Write);
cStream.Write(inputByte, 0, inputByte.Length);
cStream.FlushFinalBlock();
return Convert.ToBase64String(mStream.ToArray());
}
public static string Decrypt(string encryptedText)
{
string key = "jdsg432387#";
byte[] DecryptKey = { };
byte[] IV = { 55, 34, 87, 64, 87, 195, 54, 21 };
byte[] inputByte = new byte[encryptedText.Length];
DecryptKey = System.Text.Encoding.UTF8.GetBytes(key.Substring(0, 8));
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
inputByte = Convert.FromBase64String(encryptedText);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(DecryptKey, IV), CryptoStreamMode.Write);
cs.Write(inputByte, 0, inputByte.Length);
cs.FlushFinalBlock();
System.Text.Encoding encoding = System.Text.Encoding.UTF8;
return encoding.GetString(ms.ToArray());
}
public static string MakeQueryString(string queryString)
{
return "p=" + Encrypt(queryString);
}
}
2) EncryptedActionParameterAttribute
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class EncryptedActionParameterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
Dictionary<string, object> decryptedParameters = new Dictionary<string, object>();
if (filterContext.HttpContext.Request.QueryString.HasValue)
{
string encryptedQueryString = filterContext.HttpContext.Request.QueryString.Value.Substring(filterContext.HttpContext.Request.QueryString.Value.IndexOf("=")+1);
string decrptedString = SecurityHelper.Decrypt(encryptedQueryString.ToString());
string[] paramsArrs = decrptedString.Split('&');
for (int i = 0; i < paramsArrs.Length; i++)
{
string[] paramArr = paramsArrs[i].Split('=');
decryptedParameters.Add(paramArr[0], paramArr[1]);
}
}
for (int i = 0; i < decryptedParameters.Count; i++)
{
filterContext.ActionArguments[decryptedParameters.Keys.ElementAt(i)] = decryptedParameters.Values.ElementAt(i);
}
base.OnActionExecuting(filterContext);
}
}
3) Index.cshtml
@{
ViewData["Title"] = "Home Page";
}
<div class="row">
<div class="col-md-12">
<ul>
@foreach (var person in PeopleHelper.GetPeople())
{
<li> @person.Name
<a href="/Home/Person?@SecurityHelper.MakeQueryString("id="+person.ID+"&name="+@person.Name)">
Click Here
</a>
</li>
}
</ul>
</div>
</div>
4) HomeController
public class HomeController : Controller
{
public IActionResult Index()
{
return View();
}
[HttpGet]
[EncryptedActionParameter]
public IActionResult Person(string id, string name)
{
return View(new Person() { ID = int.Parse(id),Name = name } );
}
public IActionResult Error()
{
return View("~/Views/Shared/Error.cshtml");
}
}
This time I had a requirement to Encrypt the request string parameters before passing them to the Controller's method. After referring this solution, I made this solution I hope you like it.
1) SecurityHelper
public class SecurityHelper
{
public static string Encrypt(string plainText)
{
string key = "jdsg432387#";
byte[] EncryptKey = { };
byte[] IV = { 55, 34, 87, 64, 87, 195, 54, 21 };
EncryptKey = System.Text.Encoding.UTF8.GetBytes(key.Substring(0, 8));
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
byte[] inputByte = Encoding.UTF8.GetBytes(plainText);
MemoryStream mStream = new MemoryStream();
CryptoStream cStream = new CryptoStream(mStream, des.CreateEncryptor(EncryptKey, IV), CryptoStreamMode.Write);
cStream.Write(inputByte, 0, inputByte.Length);
cStream.FlushFinalBlock();
return Convert.ToBase64String(mStream.ToArray());
}
public static string Decrypt(string encryptedText)
{
string key = "jdsg432387#";
byte[] DecryptKey = { };
byte[] IV = { 55, 34, 87, 64, 87, 195, 54, 21 };
byte[] inputByte = new byte[encryptedText.Length];
DecryptKey = System.Text.Encoding.UTF8.GetBytes(key.Substring(0, 8));
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
inputByte = Convert.FromBase64String(encryptedText);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(DecryptKey, IV), CryptoStreamMode.Write);
cs.Write(inputByte, 0, inputByte.Length);
cs.FlushFinalBlock();
System.Text.Encoding encoding = System.Text.Encoding.UTF8;
return encoding.GetString(ms.ToArray());
}
public static string MakeQueryString(string queryString)
{
return "p=" + Encrypt(queryString);
}
}
2) EncryptedActionParameterAttribute
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class EncryptedActionParameterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
Dictionary<string, object> decryptedParameters = new Dictionary<string, object>();
if (filterContext.HttpContext.Request.QueryString.HasValue)
{
string encryptedQueryString = filterContext.HttpContext.Request.QueryString.Value.Substring(filterContext.HttpContext.Request.QueryString.Value.IndexOf("=")+1);
string decrptedString = SecurityHelper.Decrypt(encryptedQueryString.ToString());
string[] paramsArrs = decrptedString.Split('&');
for (int i = 0; i < paramsArrs.Length; i++)
{
string[] paramArr = paramsArrs[i].Split('=');
decryptedParameters.Add(paramArr[0], paramArr[1]);
}
}
for (int i = 0; i < decryptedParameters.Count; i++)
{
filterContext.ActionArguments[decryptedParameters.Keys.ElementAt(i)] = decryptedParameters.Values.ElementAt(i);
}
base.OnActionExecuting(filterContext);
}
}
3) Index.cshtml
@{
ViewData["Title"] = "Home Page";
}
<div class="row">
<div class="col-md-12">
<ul>
@foreach (var person in PeopleHelper.GetPeople())
{
<li> @person.Name
<a href="/Home/Person?@SecurityHelper.MakeQueryString("id="+person.ID+"&name="+@person.Name)">
Click Here
</a>
</li>
}
</ul>
</div>
</div>
4) HomeController
public class HomeController : Controller
{
public IActionResult Index()
{
return View();
}
[HttpGet]
[EncryptedActionParameter]
public IActionResult Person(string id, string name)
{
return View(new Person() { ID = int.Parse(id),Name = name } );
}
public IActionResult Error()
{
return View("~/Views/Shared/Error.cshtml");
}
}
Comments
Post a Comment