Encrypt and Decrypt query-string RSS

• • Reply
  DhananjayR

  None

  0 Points

  1 Post

  Encrypt and Decrypt query-string

  Dec 15, 2017 05:37 AM|DhananjayR|LINK

  Hello,
  Our application which is enterprise MVC application has 100s of controllers, models and views and huge code base.
  We are working on EU-GDPR requirements in which we are trying to safeguard person information from query-string like SSN, Name etc.
  Is there any product or library from MS which can help us in doing this?
   
  We done POC with two scenarios but we didn't figure out which we have to pick for the implementation.
   
  Scenario One :
   
  We created our HTTP module and on each request we are encrypting and decrypting the query string values.
   
  public void Init(HttpApplication context)
  {
     context.BeginRequest += new EventHandler(OnBeginRequest);
     context.EndRequest += new EventHandler(OnEndRequest);
  }
   
  private static void OnBeginRequest(object sender, EventArgs e)
  {
    //Decrypt Here
  }
   
   
  private static void OnEndRequest(object sender, EventArgs e)
  {
    //Encrypt Here
  }
   
   
  Scenario Two:
   
  We created our HTTP module and on each request we are encrypting the query string values.
   
  public void Init(HttpApplication context)
  { 
     context.EndRequest += new EventHandler(OnEndRequest);
  }
   
  private static void OnEndRequest(object sender, EventArgs e)
  {
    //Encrypt Here
  }
   
   
  We created our custom value provider to decrypt the values.
   
  public class CustomValueProvider : IValueProvider
  {
    public bool ContainsPrefix(string prefix)
     {
                  //Decrypt Here 
     }
   
      public ValueProviderResult GetValue(string key)
      {    }
  }
   
  public class CustomValueProviderFactory : ValueProviderFactory
  {
      public override IValueProvider GetValueProvider(ControllerContext controllerContext)
      {
          return new CustomValueProvider();
      }
  }
   
  Considering the above scenarios which solution is recommended to use as per Microsoft guidelines?

• • Reply
  Fei Han - MS...

  All-Star

  40565 Points

  6233 Posts

  Microsoft

  Re: Encrypt and Decrypt query-string

  Dec 18, 2017 08:29 AM|Fei Han - MSFT|LINK

  Hi DhananjayR,

  If all Query String need to be encrypted and decrypted in your application, I prefer your first approach:  encrypt&decrypt Query String globally via a custom HTTP module, which can avoid writing code again and again.

  On the other hand, your second approach: creating custom value provider for Query String decryption can provide a flexible and convenient way to decrypt Query String, if you need to do decryption in your controller actions.

  With Regards,

  Fei Han

  .NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.