Geek Answers Handbook

Encrypted view state in asp.net mvc

I know that view state is not exsist in mvc. I am looking for something similar to the encrypted view state mode in asp.net web forms. I want to hide some data in the request.

What I'm trying to achieve is to pass some data back and hide it from the user . I do not want the user to be able to change data or see it. By storing this data on the client side, I want to reduce the number of service calls because I cannot use a session to store this data.

Data will not be displayed at all. I just need to transfer it later for service.

+1
source share
3 answers

So, I found the answer to my question. There is a MVC3Futures project that adds the desired behavior.

You can serialize the entier model and encrypt it.

@Html.Serialize("Transfer", Model, SerializationMode.EncryptedAndSigned)

Binding in the controller is automated by adding a deserialized attribute.

 public ActionResult Transfer(string id,[Deserialize(SerializationMode.EncryptedAndSigned)]Transfer transfer)
+1
source

You just need to encrypt the value before placing it in a hidden input field, and then decrypt it on the server when it is published.

See how to do simple encryption / decryption in C #. Here are some good implementations:

http://www.joshrharrison.com/archive/2009/01/28/c-encryption.aspx

fooobar.com/questions/13765 / ...

+1
source
  • Although I really do not know what you are encrypting. but if you want to avoid CSRF or data falsification, then go for it.

you can use AntiForgeryToken() to check for fake data retries. The anti-fake flag can be used to protect your application from sub-fake. To use this function, call the AntiForgeryToken method from the form and add the ValidateAntiForgeryTokenAttribute attribute to the action method that you want to protect.

In view, use AntiForgeryToken

 @Html.AntiForgeryToken()

In controllers

 [ValidateAntiForgeryToken] Public ActionResult SomeAction() { return view() }
0
source

More articles:


All Articles