1

I use asp.net mvc 5. I have two pages. The first page with a field is to enter the new PIN, the second page is to re-enter the new PIN

I have the url when a submit form in first page to pass the cardID and new PIN, such as: 

.../ChangePIN/ConfirmPIN?cardID=123456789&newPIN=123456

and I want to encrypt "cardID = 123456789" and "newPIN = 123456", so how can I do?

namespace ATM.Web.Controllers
{
    public class ChangePINController : Controller
    {
        ATMDb ATMContext = new ATMDb();
        string cardID = ATM.Core.Utilities.MyUtilities.getInstance().Card.CardId;
        //
        // GET: /Card/ChangePIN
        public ActionResult ChangePIN(string id)
        {
            if (id == null)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }
            var card = ATMContext.Card.Find(id);
            if (card == null)
            {
                return HttpNotFound();
            }
            ViewBag.cardID = id;
            return View();
        }

        [HttpGet]
        public ActionResult ConfirmPIN(string cardID, string newPIN)        
        {
            ViewBag.cardID = cardID;
            ViewBag.newPIN = newPIN;
            return View();
            }

        [HttpPost]
        public ActionResult ConfirmPIN(string cardID, string newPIN, string newPINConfirm)
        {
            if (newPIN != newPINConfirm)
            {
                ViewBag.Message = "";
                ViewBag.cardID = cardID;
                ViewBag.newPIN = newPIN;
                return View();
            }
            else
            {
               var card = ATMContext.Card.Find(cardID);     
                ATMContext.Entry(card).State = EntityState.Modified;                 
                card.PIN = newPINConfirm;
                ATMContext.SaveChanges();
                return RedirectToAction("Success");
            }
        }

        public ActionResult Success()
        {
            return View();
        }        
    }
}

Please help me.
Thanks you everyone.

Improve this question
1
  • 1
    Why dont you use Post for sensitive information? Commented Jun 4, 2014 at 10:19

1 Answer 1

Reset to default
2

In encrypted url, the requester must know the encryption if it is open for all get requests. If you are using internal links in your views you can create static class(Utility) for same. ex

  public static Encryption{
  public static string encrypt(string ToEncrypt)
        {
              return Convert.ToBase64String(Encoding.ASCII.GetBytes(ToEncrypt));
        }
        public static string decrypt(string cypherString)
        {
              return Encoding.ASCII.GetString(Convert.FromBase64String(cypherString));
        }
}

In your view use :

@Html.ActionLink("link", "Action_name", "Controller_name", new { id=Encryption.encrypt(article.ArticleID) }, null)

And you must decrypt before using Id ex.

 public ActionResult ChangePIN(string id)
        {
        string _id=Encryption.decrypt(id);
        ...
        }

Hope it will help.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.