Url Encryption in Asp.Net MVC
Hello and welcome to Code2Night. In this tutorial, we'll look at how to build Url Encryption in Asp.Net MVC. There are a couple of methods that give url encryption but appear to be quite difficult to implement. In this tutorial, we will use simple custom HTML helpers to encrypt URLs.
20230604111322.jpeg)
Url Encryption in Asp.Net MVC
So, starting from the beginning Url encryption is a really important feature in today's world as it provided protection to the data our website often shares with a query string. So while using query strings and hiding the actual data from the user so that can't change that for misuse we often use url encryption.
Html Helpers
For URL encryption, we actually need to think about two things. Firstly, how to encrypt data in such a way that it can be used globally, and second how to decrypt data in such a way that you don't have to change too many things. So for the encryption of URLs, we can use custom Html Helpers. In the below example, we are creating a helper which will take action, controller, parameter, and HTML class and will return an anchor tag with an encrypted URL.
public static MvcHtmlString EncodedActionLink(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes,string iconclass)
{
string queryString = string.Empty;
string htmlAttributesString = string.Empty;
if (routeValues != null)
{
RouteValueDictionary d = new RouteValueDictionary(routeValues);
for (int i = 0; i < d.Keys.Count; i++)
{
if (i > 0)
{
queryString += "?";
}
queryString += d.Keys.ElementAt(i) + "=" + d.Values.ElementAt(i);
}
}
if (htmlAttributes != null)
{
RouteValueDictionary d = new RouteValueDictionary(htmlAttributes);
for (int i = 0; i < d.Keys.Count; i++)
{
htmlAttributesString += " " + d.Keys.ElementAt(i) + "=" +"'"+ d.Values.ElementAt(i)+"'";
}
}
//What is Entity Framework??
StringBuilder ancor = new StringBuilder();
ancor.Append("<a ");
if (htmlAttributesString != string.Empty)
{
ancor.Append(htmlAttributesString);
}
ancor.Append(" href='");
if (controllerName != string.Empty)
{
ancor.Append("/" + controllerName);
}
if (actionName != "Index")
{
ancor.Append("/" + actionName);
}
if (queryString != string.Empty)
{
ancor.Append("?q=" + EncryptURL(queryString));
}
ancor.Append("'");
ancor.Append(">");
if(!string.IsNullOrEmpty(iconclass))
ancor.Append("<i class='" + iconclass + "'></i> ");
ancor.Append(linkText);
ancor.Append("</a>");
return new MvcHtmlString(ancor.ToString());
}
public static string EncryptURL(string clearText)
{
string EncryptionKey = "LUPHLAKMAKJ2SPBNI99212";
byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(clearBytes, 0, clearBytes.Length);
cs.Close();
}
clearText = Convert.ToBase64String(ms.ToArray());
}
}
return clearText;
}So, you can place this helper inside a static class and use it afterward. EncodedActionLink
This will be used on view as you can see in the below example
@Html.EncodedActionLink("Create", "Add", "Master", new { Id=1}, new { @class = "btn btn-primary" }, null)So, this will return you an anchor tag. When you will click this anchor your page will redirect with encrypted data which you have passed to the helper. However, the controller and action will be the same just the query string will be encrypted.
The decryption of Encrypted Url
So, after encryption, we have to create a global method for the decryption of the URL. We will create a custom filter attribute for this purpose.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class EncryptedActionParameterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
Dictionary<string, object> decryptedParameters = new Dictionary<string, object>();
if (HttpContext.Current.Request.QueryString.Get("q") != null)
{
string encryptedQueryString = HttpContext.Current.Request.QueryString.Get("q");
string decrptedString = Decrypt(encryptedQueryString.ToString());
string[] paramsArrs = decrptedString.Split('?');
for (int i = 0; i < paramsArrs.Length; i++)
{
string[] paramArr = paramsArrs[i].Split('=');
//if(paramArr[1].GetType().Name == "String")
// decryptedParameters.Add(paramArr[0], paramArr[1]);
//else
int val = 0;
if(Int32.TryParse(paramArr[1],out val))
decryptedParameters.Add(paramArr[0], Convert.ToInt32(paramArr[1]));
else
decryptedParameters.Add(paramArr[0], paramArr[1]);
}
}
for (int i = 0; i < decryptedParameters.Count; i++)
{
filterContext.ActionParameters[decryptedParameters.Keys.ElementAt(i)] = decryptedParameters.Values.ElementAt(i);
}
base.OnActionExecuting(filterContext);
}
private string Decrypt(string cipherText)
{
string EncryptionKey = "JUDHAAUMAKV2SPBNI99212";
cipherText = cipherText.Replace(" ", "+");
byte[] cipherBytes = Convert.FromBase64String(cipherText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close();
}
cipherText = Encoding.Unicode.GetString(ms.ToArray());
}
}
return cipherText;
}
}So, you can use this custom filter attribute. This will decrypt the query string and will pass the original data in the action parameters. Let's have a look at how to use this.
[EncryptedActionParameter]
public ActionResult Create(int Id)
{ return View();}So, [EncryptedActionParameter], is the same custom filter attribute that we have created in the last step. You have to use this attribute wherever you want to decrypt the encrypted data. And you can get original data in your parameters.
This is how your URL will look after encryption, but it will give correct data in your action parameters. So this is how you can implement URL encryption in Asp.Net MVC.
