ASP.NET MVC 2 EditModel include Id? Securing Id is not tampered with


Problem description

I am looking for some best practices when it comes to creating EditModels and updating data in an ASP.NET MVC app. Let's say I have a Url like so /Post/Edit?Id=25

I am ensuring the user has permissions to edit the specific post by Id on the Get request and the same for my Post in the controller. I am using the ValidateAntiForgeryToken.

Questions: Should I include the Id property in my EditModel? If so, should I encrypt it?

The problem is I can use FireBug to edit the Id hidden input and edit a different post as long as I have permission to do so. This is not horrible, but seems wrong.

Any help would be great!

Recommended answer

There are several ways to prevent this.

The first - don't send sensitive data to the client at all. Keep the post id in session variables, so the user can never edit it. This may or may not be an option depending on your architecture.

The next approach is to convert the direct reference to an indirect one. For example, instead of sending postids = {23452, 57232, 91031} to the client to render a drop-down list, you should send an opaque list {1,2,3}. The server alone knows that 1 means 23452, 2 means 57232 and so on. This way, the user can't modify any parameter you don't want him to.

The last approach is including some kind of hash value that acts as an integrity check. For example, suppose you have 3 hidden fields in an HTML page - {userId=13223, postId=923, role=author}. You first sort the field names and then concatenate the values to get a string like postId=923&userId=13223&role=author. Then, append a server secret to this string, and hash (SHA-1 or MD5) the entire string. For example, SHA-1('postId=923&userId=13223&role=author&MySuperSecretKey'). Finally add this hashed value as a hidden parameter. You may also want to add another hidden field called ProtectedParameters=userId,postId,role.

When the next request is made, redo the entire process. If the hash differs, balk the process.

Security wise, I have listed the options in decreasing order. At the same time, it's probably in the increasing order of convenience. You have to pick the right mix for your application.
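The third approach from the answer above (hidden fields plus a keyed integrity hash, verified on post-back), as an added C# example that is not part of the original answer. It swaps the answer's "append a secret and SHA-1/MD5 it" construction for HMAC-SHA256, the standard keyed-hash construction, and compares the hashes in constant time. The class names `FormIntegrity` and `Program`, the field names, the key and the sample values are all constructed for illustration; in a real MVC controller the `formValue` lookup would be `name => Request.Form[name]`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the original answer: HMAC-based integrity
// protection for hidden form fields (the answer's third approach).
public static class FormIntegrity
{
    // Hypothetical server-side secret. Load it from protected configuration;
    // it must never appear in the rendered page.
    private static readonly byte[] ServerKey =
        Encoding.UTF8.GetBytes("example-only-replace-with-a-random-key");

    // Canonical form the answer describes: sort the field names, then join
    // name=value pairs with '&'. Values are escaped so a '&' or '=' inside a
    // value cannot be confused with a separator.
    public static string Canonicalize(IDictionary<string, string> fields)
    {
        return string.Join("&",
            fields.Keys.OrderBy(k => k, StringComparer.Ordinal)
                  .Select(k => k + "=" + Uri.EscapeDataString(fields[k])));
    }

    // Value rendered into the hidden "ProtectedHash" field on GET.
    public static string Sign(IDictionary<string, string> fields)
    {
        using (var hmac = new HMACSHA256(ServerKey))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(Canonicalize(fields)));
            return Convert.ToBase64String(mac);
        }
    }

    // On POST: pick the fields named in the "ProtectedParameters" hidden field
    // out of the submitted form, using the supplied lookup (e.g. Request.Form).
    public static IDictionary<string, string> SelectProtected(
        Func<string, string> formValue, string protectedParameters)
    {
        return protectedParameters
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(n => n.Trim())
            .ToDictionary(n => n, n => formValue(n) ?? string.Empty);
    }

    // Recompute the HMAC over the submitted fields and compare with the
    // submitted hash in constant time, so a mismatch does not leak where it
    // occurred. A false result means the request should be rejected.
    public static bool Verify(IDictionary<string, string> fields, string submittedHash)
    {
        byte[] expected = Convert.FromBase64String(Sign(fields));
        byte[] actual;
        try { actual = Convert.FromBase64String(submittedHash ?? string.Empty); }
        catch (FormatException) { return false; }
        if (expected.Length != actual.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }
}

public static class Program
{
    public static void Main()
    {
        // Values rendered into the hidden fields on GET (constructed sample data).
        var rendered = new Dictionary<string, string>
        {
            { "userId", "13223" }, { "postId", "923" }, { "role", "author" }
        };
        string protectedParameters = "userId,postId,role";
        string hash = FormIntegrity.Sign(rendered);
        Console.WriteLine("ProtectedHash=" + hash);

        // Honest POST: the same values come back, so the hash verifies.
        var honest = FormIntegrity.SelectProtected(n => rendered[n], protectedParameters);
        Console.WriteLine("unchanged: " + FormIntegrity.Verify(honest, hash));

        // Tampered POST: postId was edited in the browser, so the hash no longer matches.
        var tamperedForm = new Dictionary<string, string>(rendered) { ["postId"] = "924" };
        var tampered = FormIntegrity.SelectProtected(n => tamperedForm[n], protectedParameters);
        Console.WriteLine("tampered:  " + FormIntegrity.Verify(tampered, hash));
    }
}
```

Two design points worth noting. First, the list of protected names is itself a hidden field, so it must be included in what is hashed, or the server must hard-code it per form; otherwise a client could shorten `ProtectedParameters` to exclude the field it wants to change. The simplest fix is to add `ProtectedParameters` to the dictionary that is signed and verified. Second, this check only proves the values came from a page the server rendered; it does not by itself prove they were rendered for the current user, so the authorization check on the POST that the question already describes still has to run.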
