
I have a simple post method in a MVC controller that checks whether the ModelState is valid then calls another method passing an instance of the model as a parameter. This model contains sensitive data that is easily obtained by looking at Fiddler. My goal is to somehow mask or encrypt this data so that it cannot be seen in an http trace.

I have seen posts suggesting to use Session or Temp variables but that is not an option in my case.

This is what the code looks like:

[HttpPost]
[ActionName("Search")]
[AccessControl(Xri)]
public ActionResult SearchPost(string string1, ViewModel model)
{
    model.NoResults = false;

    // RedirectToAction serialises every public property of the model into the query string.
    if (ModelState.IsValid)
    {
        return RedirectToAction("TargetAction", model);
    }

    // Invalid input: redisplay the form with the validation messages.
    return View(model);
}

[AccessControl(Xri)]
public ActionResult TargetAction(string arg, ViewModel viewModel)
{
 .
 .
 .
}

Fiddler shows the following:

/TargetAction?id=01010101&date=08%2F14%2F2013%2000%3A00%3A00&To=08%2F21%2F2013%2000%3A00%3A00&param1=somevalue&param2=somevalue2

Is there a way to mask the url parameters shown here?

user2708543
  • Is your concern with the user seeing that information? Or someone intercepting the request? – Rob Aug 22 '13 at 18:57
  • Both. Regulations in my industry prohibit making this type of data visible to anyone. – user2708543 Aug 22 '13 at 18:59
  • Then why is it part of the View Model? Is it some sort of authentication token or something? – Rob Aug 22 '13 at 19:03
  • Because some of that data is displayed on the page, i.e. User ID. – user2708543 Aug 22 '13 at 19:13
  • I know what you're thinking...why display sensitive data on a web page since I don't want others to see it. I should mention that users must authenticate to see this data. The security risk comes from anyone with Fiddler being able to see it in decoded form. – user2708543 Aug 22 '13 at 19:22
  • Fiddler is a debugging proxy, it's not like a 3rd party is able to intercept your request/response using it. As stated below, since you are authenticating, use SSL. That encrypts ALL traffic between the client and server. – Rob Aug 23 '13 at 11:40
  • Can't you use the SecureString type of property to send the data over the wire? – Sravan Aug 24 '13 at 07:49

2 Answers


You're going to need to get SSL running on your server.

Without a server certificate from a trusted authority, there is very little you can do to encrypt the data over the wire. Why? Because you'd need to send encryption/decryption details in clear text before you start sending the data so that your client (likely JavaScript) could decode it.

Using a certificate and operating on 443 gives you built-in functionality from the server/browser that is hard to beat in a custom implementation.

If you just want to obscure the data (and put it beyond the level of most web users) you could always base64 encode the data, rather than encrypting it. Just be clear that you are NOT encrypting data and it is still possible to decode it. This approach is not a form of encryption.

If you decide to take that approach regardless, here are a few resources: Client-side Encoding/Decoding; MSDN Reference on Encoding to Base64.

Cheers.

MisterJames

You have two options for doing this:

  1. Store the data on the server and give the user a token (e.g. a GUID) to pass along to retrieve the data. Since using the Session or TempData is not an option, you could store the viewmodel in the database, and then redirect the user with the token in the URL to retrieve it on the next request.

  2. The other option would be to have the user pass the viewmodel in the URL as you're currently doing, but pass it in an encrypted format. For example, you could serialize the model to JSON, encrypt it using one of .NET's built in encryption algorithms, and then redirect to the next action passing the encrypted string as your view model. Then you could change the target action to something like:

    [AccessControl(Xri)]
    public ActionResult TargetAction(string arg, string encryptedViewModel)
    {
      var decryptedString = Decrypt(encryptedViewModel); // supply the decrypt function to match your encryption
      var viewModel = JsonConvert.DeserializeObject<ViewModel>(decryptedString); // Newtonsoft.Json
      return View(viewModel);
    }
RyanHerbert
  • option #2 works great but I'm looking for a "cleaner" solution. I don't know if one exists but it doesn't hurt to ask. I need to mention one thing though, I can use an in-house Session manager class. – user2708543 Aug 28 '13 at 16:34
  • for example, is it possible to tag the data I want encoded in the model so that I don't have to chase it and make sure it doesn't display in clear text? – user2708543 Aug 28 '13 at 18:19
  • This is what I'd like to accomplish. Model.cs: public class someClass { [EncryptMe] public string userID {get; set;} } Is it possible to create a Model as shown above where the EncryptMe attribute somehow masks the data before posting the form? – user2708543 Aug 28 '13 at 18:49
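The following is an added example, not code from the question or either answer, that puts the first answer's "require TLS" point and the second answer's option #2 together in one controller. It assumes ASP.NET MVC 5 on .NET Framework 4.5 or later, which ships `System.Web.Security.MachineKey.Protect`/`Unprotect` (authenticated encryption keyed by the application's `<machineKey>`) and `HttpServerUtility.UrlTokenEncode`/`UrlTokenDecode` for a URL-safe encoding; Newtonsoft.Json is assumed to be referenced. The `ViewModel` class is a constructed stand-in with the field names seen in the Fiddler trace, the `ModelToken` helper and `SearchController` are names chosen here, and the page's own `[AccessControl(Xri)]` filter is left out because its definition is not on the page.

```csharp
// Added example (not from the original post or answers). Assumes ASP.NET MVC 5 / .NET 4.5+
// and Newtonsoft.Json. ViewModel is a constructed stand-in; ModelToken and SearchController
// are names chosen for this example.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using Newtonsoft.Json;

// Constructed stand-in for the question's view model, using the query-string names from the trace.
public class ViewModel
{
    public string Id { get; set; }
    public DateTime Date { get; set; }
    public DateTime To { get; set; }
    public string Param1 { get; set; }
    public string Param2 { get; set; }
    public bool NoResults { get; set; }
}

public static class ModelToken
{
    // The purpose string binds the ciphertext to this one use: a blob protected for a
    // different purpose, or modified in transit, fails integrity checking in Unprotect.
    private const string Purpose = "SearchController.TargetAction.ViewModel";

    // Serialize -> encrypt-and-authenticate with the machine key -> URL-safe token.
    public static string Protect(ViewModel model)
    {
        byte[] plain = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(model));
        byte[] sealedBytes = MachineKey.Protect(plain, Purpose);
        return HttpServerUtility.UrlTokenEncode(sealedBytes);
    }

    // Returns null for a missing, malformed or tampered token rather than throwing,
    // so the caller can answer with a plain 400 and nothing about the failure leaks.
    public static ViewModel Unprotect(string token)
    {
        if (string.IsNullOrEmpty(token)) return null;
        try
        {
            byte[] sealedBytes = HttpServerUtility.UrlTokenDecode(token);
            if (sealedBytes == null) return null;
            byte[] plain = MachineKey.Unprotect(sealedBytes, Purpose);
            return JsonConvert.DeserializeObject<ViewModel>(Encoding.UTF8.GetString(plain));
        }
        catch (CryptographicException)
        {
            return null;
        }
    }
}

// [RequireHttps] redirects plain-HTTP requests to HTTPS, so the token (and the posted form)
// only travel inside TLS. Keep the page's [AccessControl(Xri)] filter on these actions too.
[RequireHttps]
public class SearchController : Controller
{
    [HttpPost]
    [ActionName("Search")]
    public ActionResult SearchPost(string string1, ViewModel model)
    {
        model.NoResults = false;
        if (!ModelState.IsValid) return View(model);

        // Only the opaque token appears in the redirect URL, not the model's fields.
        return RedirectToAction("TargetAction", new { token = ModelToken.Protect(model) });
    }

    public ActionResult TargetAction(string arg, string token)
    {
        ViewModel viewModel = ModelToken.Unprotect(token);
        if (viewModel == null) return new HttpStatusCodeResult(400); // missing or tampered token
        return View(viewModel);
    }
}
```

With this in place the trace shows `/TargetAction?token=...` instead of `id=`, `date=` and the rest. Two caveats a reviewer would raise: the token is still a GET parameter, so it lands in browser history and server logs as ciphertext and can be replayed by anyone who holds the URL until you add a timestamp or nonce inside the serialized model and reject stale ones; and on a web farm the `<machineKey>` must be set explicitly in web.config, otherwise each server generates its own key and tokens issued by one node will fail to unprotect on another.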