locked
Encrypt Id in view RRS feed

  • Question

  • User1694748171 posted

    I'm using datatable in my view and I encrypted the Id in my view, the problem when I click on the Edit or Details, the system is crashed becasue the binding issue. system expected to see the int of id but I'm sending the encrypted if that's converted to the string. 

      public ActionResult Edit( string   Ids )
            {
                 
                return View();
            }

    and in the datatable 

        "render": function (data, type, full, meta) { return '<a class="btn btn-info btn-sm" href="@Url.Action("Edit", "Assessment")/' +   full.Ids + '">Edit</a>'; }

    this is my URL http://localhost:58579/Assessment/Edit/urgglRBO+IE=

    The id is encrypted but I can't pass it to Edit actionResult.

    When i click on edit I got the error

    HTTP Error 404.11 - Not Found

    The request filtering module is configured to deny a request that contains a double escape sequence

    Thursday, November 12, 2020 3:59 PM

Answers

  • User-474980206 posted

    the plus and slash must be encoded in base64 to use in a url. but instead of being encoded, there is a new base64url format that handles this by replacing the plus with minus and the slash with underscore.

      https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.webutilities.webencoders.base64urlencode?view=aspnetcore-5.0

      https://docs.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.tokens.base64urlencoder?view=azure-dotnet

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 12, 2020 4:19 PM
  • User475983607 posted
    I changed my encryption to Base64  and I have same problem 
     
    my URL http://localhost:58579/Assessment/Edit/OTM=
     
    any the error 
     
    Server Error in '/' Application.
    The resource cannot be found.
    Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.
     
    Requested URL: /Assessment/Edit/OTM=

    There's a bug in your routing design. If you are using the standard route then the controller uses the standard id route parameter.

            [HttpGet]
            public ActionResult Edit(string id)
            {
                return Content(id);
            }

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 12, 2020 4:54 PM
  • User475983607 posted

    If I changed it to the

      public ActionResult Edit(int ?id) the value passed as null. I need it to passed as encoded id and then 
    I will decoded it

    You're passing a string not a nullable int.  Please see my previous post.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 12, 2020 5:13 PM

All replies

  • User475983607 posted

    You must Base64 URL encode the encrypted byte array because HTTP is a text based protocol.  The URL cannot have any URL special characters.

    Thursday, November 12, 2020 4:08 PM
  • User1694748171 posted

    Do you have any sample code for Base64 URL encode ?

    Thursday, November 12, 2020 4:16 PM
  • User-474980206 posted

    the plus and slash must be encoded in base64 to use in a url. but instead of being encoded, there is a new base64url format that handles this by replacing the plus with minus and the slash with underscore.

      https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.webutilities.webencoders.base64urlencode?view=aspnetcore-5.0

      https://docs.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.tokens.base64urlencoder?view=azure-dotnet

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 12, 2020 4:19 PM
  • User1694748171 posted

    Still have same problem.

    Thursday, November 12, 2020 4:42 PM
  • User475983607 posted
    I changed my encryption to Base64  and I have same problem 
     
    my URL http://localhost:58579/Assessment/Edit/OTM=
     
    any the error 
     
    Server Error in '/' Application.
    The resource cannot be found.
    Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.
     
    Requested URL: /Assessment/Edit/OTM=

    There's a bug in your routing design. If you are using the standard route then the controller uses the standard id route parameter.

            [HttpGet]
            public ActionResult Edit(string id)
            {
                return Content(id);
            }

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 12, 2020 4:54 PM
  • User1694748171 posted

    If I changed it to the

      public ActionResult Edit(int ?id) the value passed as null. I need it to passed as encoded id and then I will decoded it
    Thursday, November 12, 2020 5:10 PM
  • User475983607 posted

    If I changed it to the

      public ActionResult Edit(int ?id) the value passed as null. I need it to passed as encoded id and then 
    I will decoded it

    You're passing a string not a nullable int.  Please see my previous post.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 12, 2020 5:13 PM
  • User1694748171 posted

    Your right, thank you so much for your help.

    Thursday, November 12, 2020 7:04 PM