加密视图模型中传递的数据 [英] Encrypt data passed in View Model

问题描述

我在MVC控制器中有一个简单的post方法来检查ModelState是否有效，然后调用另一个传递模型实例作为参数的方法。该模型包含通过查看Fiddler可以轻松获得的敏感数据。我的目标是以某种方式掩蔽或加密这些数据，以免在http跟踪中看不到。

我已经看到建议使用Session或Temp变量的帖子，

这是代码如下所示：

  [HttpPost] 
 [ActionName（Search）] 
 [AccessControl（Xri）] 
 public ActionResult SearchPost（string string1，ViewModel model）
 {
 model.NoResults = false; 
 
 if（ModelState.IsValid）
 {
 
 if（ModelState.IsValid）返回RedirectToAction（TargetAction，model）; 
} 
 
} 
 
 [AccessControl（Xri）] 
 public ActionResult TargetAction（string arg，ViewModel viewModel）
 {
。 
。 
。 
} 
  

Fiddler显示以下内容：

/ TargetAction？id = 01010101& date = 08％2F14％2F2013％2000％3A00％3A00& To = 08％2F21％2F2013％2000％3A00％3A00& param1 = somevalue& param2 = somevalue2

有没有办法掩盖这里显示的url参数？

解决方案

需要在您的服务器上运行SSL。

如果没有受信任的机构的服务器证书，您可以通过线路对数据进行加密。为什么？因为您需要在开始发送数据之前以明文形式发送加密/解密细节，以便您的客户端（可能的JavaScript）可以对其进行解码。

使用证书并且在443上运行，可以让您在自定义实现中难以击败的服务器/浏览器中内置功能。<​​/ p>

如果您只想遮盖数据（和将其超越大多数网络用户的级别），您可以随时对数据进行编码，而不是对其进行加密。 b $ b

如果你决定采取这种方法，不管以下几个资源：
客户端编码/解码
MSDN参考编码到Base64

干杯。

I have a simple post method in a MVC controller that checks whether the ModelState is valid then calls another method passing an instance of the model as a paramter. This model contains sensitive data that is easily obtained by looking at Fiddler. My goal is to somehow mask or encrypt this data so that it cannot be seen in an http trace.

I have seen posts suggesting to use Session or Temp variables but that is not an option in my case.

This is what the code looks like:

[HttpPost]
[ActionName("Search")]
[AccessControl(Xri)]
public ActionResult SearchPost(string string1, ViewModel model)
{
        model.NoResults = false;    

        if (ModelState.IsValid)
        {

           if (ModelState.IsValid) return RedirectToAction("TargetAction", model);            
         }

}

[AccessControl(Xri)]
public ActionResult TargetAction(string arg, ViewModel viewModel)
{
 .
 .
 .
}

Fiddler shows the following:

/TargetAction?id=01010101&date=08%2F14%2F2013%2000%3A00%3A00&To=08%2F21%2F2013%2000%3A00%3A00&param1=somevalue&param2=somevalue2

Is there a way to mask the url parameters shown here?

解决方案

You're going to need to get SSL running on your server.

Without a server certificate from a trusted authority, there is very little you can do to encrypt the data over the wire. Why? Because you'd need to send encryption/decryption details in clear text before you start sending the data so that your client (likely JavaScript) could decode it.

Using a certificate and operating on 443 gives you built-in functionality from the server/browser that is hard to beat in a custom implementation.

If you just want to obscure the data (and put it beyond the level of most web users) you could always base64 encode the data, rather than encrypting it. Just be clear that you are NOT encrypting data and it is still possible to decode it. This approach is not a form of encryption.

If you decide to take that approach regardless, here are a few resources: Client-side Encoding/Decoding MSDN Reference on Encoding to Base64

Cheers.

这篇关于加密视图模型中传递的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！