2

I am developing an asp.net mvc 6 application, and as part of the application we will send out emails, which contain a link that a user can click on that sends them to a particular action method. An example of an emailed link would be

http://identity.platform:7000/account/register?emailinvitation=true&[email protected]

Which would then go to the AccountController Register action method:

Register(string userName, bool emailInvitation=false, string email="" )

What I would like is to do a Base-64 encoding of the url, so the user is not then tempted to manually change any of the parameters, so then we have a link like

http://identity.platform:7000/account/register?url=ZW1haWxpbnZpdGF0aW9uPXRydWUmZW1haWw9eWVyZ0B0ZXN0LmNvbQ==

So the flow in my mvc application would be

  1. receive the request
  2. check if there is a url parameter that needs decoding
  3. if so decode and send on to the appropriate controller/action method

My question is, whereabouts should I be intercepting the request and decoding it? Should this happen in the routing, or somewhere later? How do I then redirect to the action method with the appropriate parameters

Improve this question
3
  • 4
    Base-64 is not encryption. It would be very easy to change the parameters. Commented Dec 18, 2017 at 12:18
  • I know that, I just want to prevent curious tampering for the majority of users, it's not really a security feature Commented Dec 18, 2017 at 12:19
  • you will validate that link when it hits your server right if it is not valid then you can display error message Commented Dec 18, 2017 at 12:21

1 Answer 1

Reset to default
2

On the server, generate a GUID for the specific invite, and send that in the email instead of the params.

You will also need an overload for the Register action method which accepts the GUID string instead.

Register(string guid) {
}

It will fetch the linked details (e.g. email address) from the data store and then proceed as per your normal process.

Unlike base64, there's no way for anyone to reverse it and discover the parameters, and it's hard for the user to guess another valid GUID. There's no need for you to worry about encoding and decoding them, and you can easily make them one-time-only tokens, which may be helpful to your business process. Another bonus is that you don't end up with sensitive data like email addresses in your server logs or user's browsing history, or transmitted in the clear over HTTP (as per your example URL).

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

If follow this way - it's better to generate random string instead of using guid.
@Evk might I enquire why, in your opinion? How do you guarantee the uniqueness of your random string, for instance?
In theory, Guid is not required to be random. For example, in old versions of windows guid was generated using network card MAC address and timestamp. However, in all modern versions - guid is basically just a random number. I still prefer random string over that random guid mostly because of semantics (and to not even think on which version of windows my code is expected to run). As for how to guarantee uniquness - exactly the same way current guid does that - number of different strings to be generated is so high that chance of collision is negligible and can be not taken into account.
Of course I mean I prefer to use random strings where random strings are naturally expected (like in this case), not just instead of guids in general.
Well, when I wriiten first comment I forgot that guids are now random and not determenistic like before. So you are right that there is probably no need to generate random string in this case, and I just got used to doing it.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.