How can I encrypt the id querystring parameter

Question

I need to send "@id" parameter with encrypted (on browser search bar) then decrypted the id to get id's values from Edit view.How can I use AES cryptography.

public ActionResult Edit(int? id)
{
    return view(model);
}

score 1 · Answer 1 · answered Jun 25 '19 at 14:36

You can't encrypt and decrypt a parameter in a query string param in a URL. If you want to pass parameters between a client browser and host system, the parameter has to be buried in the content of the messaging between the host and client while the entire messaging is encrypted via HTTPS.

Amin Saadati · Answer 2 · 2019-06-27T15:20:35.650

0

You can do it by this steps :

Step 1: Create a new class in your project and copy paste the code from This Link.

Step 2: Build the project now

step 3:

Put the MyExtension namespace on top of your page (view)

@Html.EncodedActionLink(item.Name, "YourActionName", "YourControllerName", new { id = item.ID }, null)

Step 4:

[EncryptedActionParameter]
public ActionResult Edit(int? id)
{
    return view(model);
}

Edited : After I did above steps I found a problem in decryption and I changed it.So you need to change byte[] IV = { 2, 4, 6, 8, 10, 12, 14, 16, 18, 20 }; to byte[] IV = { 55, 34, 87, 64, 87, 195, 54, 21 }; in Decrypt and Encrypt methods in MyExtensions class.

edited Jun 27 '19 at 15:20

answered Jun 25 '19 at 14:36

Amin Saadati

719
8
21

1

I add theese class,and [EncryptedActionParameter] public ActionResult Edit(int? id) { return view(model); } but it says "Html helper does not contains EncodedActionLink extension method" – Kerem Yılmaz Jun 27 '19 at 12:35
Add this `using System.Web.Mvc.Html;` – Amin Saadati Jun 27 '19 at 12:51
1

Where,I added it but VStudio says its not on use. And I'm using Devexpress,it happens in gridviewpartial – Kerem Yılmaz Jun 27 '19 at 12:52
top of your extension class – Amin Saadati Jun 27 '19 at 12:55
see this link one of answer can solved your problem https://stackoverflow.com/a/12692202/4118900 or https://stackoverflow.com/a/12692197/4118900 or https://sitecore.stackexchange.com/a/532 – Amin Saadati Jun 27 '19 at 12:58
1

Now url is :"/Edit?q=+kBlw5MHdHA= " but I'm using like Edit/2, and its not decrypted on post page – Kerem Yılmaz Jun 27 '19 at 13:09
1

Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/195632/discussion-between-kerem-yilmaz-and-amin-saadati). – Kerem Yılmaz Jun 27 '19 at 13:09
@KeremYılmaz I made a sample of it and it works fine and there is not any problem to encrypt your data – Amin Saadati Jun 27 '19 at 16:07

How can I encrypt the id querystring parameter

2 Answers2