1

In our app we use a secure function that renders the id in the route in a different way:

We have for example: http://some.com/controller/action/12
In secure it will be: http://some.com/controller/action/bs16gz

We need to implement automatic securing (read: do not secure and unsecure the id in each controller). So it should be a general solution that is applied automatically across the whole application.

Any ideas?

----Why do we need it?-----
We want to prevent the user from changing the id in the QueryString to look at another item.

Example: http://some.com/controller/action/12 is one record; then the user changes the id to 13 and sees another record. Our system needs to prevent such actions.

1
  • 3
    If the user isn't permitted to view the record, then "securing" ids is a hack and you should think of a proper authorization routine. Commented Oct 13, 2011 at 12:06

1 Answer

4

I wonder why would you need that. If you don't want someone "in the middle" to see these IDs, secure your HTTP traffic with SSL. If you don't want users to access other users' content, put security in place.

But if you're still after securing IDs, I think model binders is the way to go:

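class MyController : Controller
{
    public ActionResult Index(SecureID id)
    {
        // SecureID is bound from the route value by a custom model binder
        var resource = ResourceRepository.Get<Resource>(id); // implicit conversion to long
        return View(resource);
    }
}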

2 Comments

Thanks! This is a good idea, I will test it. I have two other ideas (just ideas): 1. override the route (get secure id, return int), 2. use an OnBeginRequest handler in global.asax. What do you think, are they good ideas?
@Evgeniy Labunskiy: I would rather follow Anton's advice than the two options that you indicated. Even if they were to work, they smell bad.
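
One way to wire up the model-binder approach from the answer above, as an added example that is not the answerer's code. It targets ASP.NET MVC on .NET Framework (System.Web.Mvc); the token format (id plus a truncated HMAC-SHA256 tag, standing in for the asker's own secure function), the `SecureIdModelBinder` name, the placeholder key and the 404 handling are all assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Web.Mvc;

public struct SecureID
{
    // Placeholder key (assumption): load the real secret from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("replace-with-configured-secret");
    public readonly long Value;
    public SecureID(long value) { Value = value; }
    public static implicit operator long(SecureID id) { return id.Value; }

    // Constructed token format: "<id>-<first 8 bytes of HMAC-SHA256(id) as hex>".
    static string Tag(long id)
    {
        using (var hmac = new HMACSHA256(Key))
            return BitConverter.ToString(hmac.ComputeHash(BitConverter.GetBytes(id)), 0, 8).Replace("-", "");
    }
    public override string ToString() { return Value + "-" + Tag(Value); } // use when generating URLs

    public static bool TryParse(string token, out SecureID result)
    {
        result = default(SecureID);
        long id;
        var parts = (token ?? "").Split('-');
        if (parts.Length != 2 || !long.TryParse(parts[0], NumberStyles.None, CultureInfo.InvariantCulture, out id))
            return false;
        string expected = Tag(id);
        int diff = expected.Length ^ parts[1].Length; // compare the tag without an early exit
        for (int i = 0; i < expected.Length && i < parts[1].Length; i++) diff |= expected[i] ^ parts[1][i];
        if (diff != 0) return false;
        result = new SecureID(id);
        return true;
    }
}

// Runs for every action parameter of type SecureID, so controllers never decode by hand.
public class SecureIdModelBinder : IModelBinder
{
    public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
    {
        ValueProviderResult raw = bindingContext.ValueProvider.GetValue(bindingContext.ModelName);
        SecureID id;
        if (raw != null && SecureID.TryParse(raw.AttemptedValue, out id)) return id;
        throw new System.Web.HttpException(404, "Not found"); // malformed or tampered token
    }
}
// Global.asax, Application_Start: ModelBinders.Binders.Add(typeof(SecureID), new SecureIdModelBinder());
```

A token that binds successfully only shows the URL was issued by the application; the action still has to check that the current user may read the record, which is the point both the first comment and the answer make.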
