.NET MVC + Sensitive Data

Question

I am iterating through a List of custom data objects and outputing the data to the screen in a pageable format. Each item needs to offer the ability to edit the details (a redirect to another view) and to remove the data. In order to do this I will need to pass an id of some sort to identify the record that is going to be updated or deleted. I do not want to include this id as plain text in the route values but am at a loss for how to implement this functionality. I have two ideas but am not sure if either would be viable.

1. Create a random key for each id each time the list is generated and store the key/id combo in sesion. I could then pass the key in the route values and grab the key when the user clicks an action. this seems like a lot of work

2. Wrap the "edit" and "remove" options in a form where I can use a hidden input to pass the data via POST. This seems less that desirable however.

Is there any standarzied way to utilize sensitive data within a View / Controller relationship when i am working with more than one item on a page? Thanks in advance for any help.

Answer 1

Just encrypt the sensitive data before it gets to the view. And send up the encrypted value and decrypt at the controller. Example:

public ActionResult RenderPage()
{
   CustomerInformation customerInformation = CustomerInformation.GetCurrentCustomer(); 
   customerInformation.SocialSecurityNumber = MyNamespace.Utilities.Encrypt(customerInformation.SocialSecurityNumber);
   return View(customerInformation);
}

and in the response you could do this.

public ActionResult SubmitData(CustomerInformation customerInformation)
{
   customerInformation.SocialSecurityNumber = MyNamespace.Utilities.Decrypt(customerInformation.SocialSecurityNumber);
   return View();
}

As you can see the data is encrypted before it goes out, and on the way back it gets decrypted again. Of course you can also use HTTPS and that should be really secure as well.