0

I have an ASP.net MVC 4 application and a winform application. My MVc need to be secured by authorized via Mac address. My winform will send mac address to them like: http://example.com/login/?mac=XX-XX-XX-XX-XX (using query string). It works perfectly so for more safer. I want to hidden the mac address from the address bar. I have an idea that create cookie in winform app and send cookie to server. Is it possible? Give me advise and many thanks for reading my question.

Dieu Lu
  • 3
  • 4

1 Answers1

0

I would simply encrypt the MAC address and send to server. Use a shared secret to encrypt, the secret is only known to web server for decryption. IMO its more secure and extensible.

Update:

Option 1: Using the cookie

Yes, you can send the information using Cookie, see below code snippet:

var baseAddress = new Uri("http://example.com");
var cookieContainer = new CookieContainer();
using (var handler = new HttpClientHandler() { CookieContainer = cookieContainer })
using (var client = new HttpClient(handler) { BaseAddress = baseAddress })
{
    var content = new FormUrlEncodedContent(new[]
    {
        new KeyValuePair<string, string>("foo", "bar"),
        new KeyValuePair<string, string>("baz", "bazinga"),
    });
    cookieContainer.Add(baseAddress, new Cookie("CookieName", "cookie_value"));
    var result = client.PostAsync("/test", content).Result;
    result.EnsureSuccessStatusCode();
}

Refer this How do I set a cookie on HttpClient's HttpRequestMessage from where I got the code example.

Refer this link which may be useful to set the path.

Option 2: Send the data in POST request (preferable option)

   private static async Task RunAsync()
    {
        using (var client = new HttpClient())
        {
            client.BaseAddress = new Uri("http://example.com"); //Change the link
            client.DefaultRequestHeaders.Accept.Clear();
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            // HTTP GET
            HttpResponseMessage response = await client.GetAsync("api/values/1");
            if (response.IsSuccessStatusCode)
            {
                Product product = await response.Content.ReadAsAsync<Product>();
                Console.WriteLine("{0}\t${1}\t{2}", product.Name, product.Price, product.Category);
            }

            // HTTP POST
            var gizmo = new Product() {Name = "Gizmo", Price = 100, Category = "Widget"};
            response = await client.PostAsJsonAsync("api/values", gizmo);
            if (response.IsSuccessStatusCode)
            {
                Uri gizmoUrl = response.Headers.Location;

                // HTTP PUT
                gizmo.Price = 80; // Update price
                response = await client.PutAsJsonAsync(gizmoUrl, gizmo);

                // HTTP DELETE
                response = await client.DeleteAsync(gizmoUrl);
            }
        }
    }

For more information refer msdn article

Community
  • 1
  • 1
SBirthare
  • 5,117
  • 4
  • 34
  • 59
  • I did it but my client dont want them appear in query string. They want the encrypted MAC send quietly. – Dieu Lu Sep 15 '14 at 16:27
  • @DieuLu - If you haven't figure out already I am adding few link in my answer above, thinking it might help. – SBirthare Sep 17 '14 at 07:41