views:

99

answers:

2

What is the best method to obfuscate the urls created in Dynamic Data?

eg \Products\List.aspx?ProductId=2 could become

\Products\List.aspx?x=UHJvZHVjdElkPTI=

where "ProductId=2" is base 64 encoded to prevent casual snooping on

\Products\List.aspx?ProductId=3

\Products\List.aspx?ProductId=4

etc...?

I will probably have to inherit from an existing object and override some function The question is which object and what function

GetActionPath of the Metamodel object seems interesting, but how does the DynamicRoute "{table}/{Action}.aspx" play in into it...

Right now on Asp.net 1.1 site I use an custom implementation of the following code. http://www.mvps.org/emorcillo/en/code/aspnet/qse.shtml It is HTTPModule that uses regular expression to rewrite all the querystrings and also with reflection changes the Querystring collection with decoded values.

So where is the hook to affect the change.

+1  A: 

Here is how I did it:

I created 4 functions in a module:

public static string EncryptInt(int val)
public static int DecryptInt(string val)
public static string DecryptStr(string str)
public static string EncryptStr(string source)

When I wanted to create a url I did something like this:

 string.Format(@"\path\file.aspx?ID={0}&name={1}",encrypt.EncryptInt(inID),encrypt.EncriptStr(inName)); 

When I wanted to get the results I would call the Decrypt function on retrieved param.

I used two types because it added a level of type safety to the system, but you could just use one with strings and then call int.Parse() as needed.

Does this answer your question?

For Microsoft's Dynamic Data I believe the hooks would be found in the code behind for the template pages.

Hogan
Here is link to a sample http://mattberseth.com/blog/2008/08/aspnet_dynamic_data_simple_5_t.htmlunfotrunately I can't find a live demo
ggonsalv
Sure this would work with this system too, you just have to edit the page templates to encrypt and decrypt whenever they look for / access an id.
Hogan
Unfortunately the code that creates the URL is hidden behind theGetActionPath of the Metamodel object. I am still unclear how the parameters are appended to the string to create the whole URL.
ggonsalv
+1  A: 

I have found the solution

With advice, I have implemented a Route that inherits from DynamicDataRoute.

The methods overridden were GetVirtualPath and GetRouteData.

Here is the global.asax page

 routes.Add(New EncodedDynamicDataRoute("{table}/{action}.aspx") With { _
.Defaults = New RouteValueDictionary(New With {.Action = PageAction.List}), _
.Constraints = New RouteValueDictionary(New With {.Action  "List|Details|Edit|Insert"}), _
.Model = model})

Here is the Encoded DynamicDataRoute.

Imports System.Web.DynamicData
Imports System.Web.Routing
''' <summary>
''' The purpose of this class to base 64 encode the querystring parameters.
''' It converts the keys to base64 encoded and back.
''' </summary>
Public Class EncodedDynamicDataRoute
Inherits DynamicDataRoute
Public Sub New(ByVal url As String)
    MyBase.New(url)
End Sub

Public Overloads Overrides Function GetRouteData(ByVal httpContext As HttpContextBase) As RouteData
    Dim routeData As RouteData = MyBase.GetRouteData(httpContext)
    If Not (routeData Is Nothing) Then
        DecodeRouteValues(routeData.Values)
    End If
    Return routeData
End Function
Private Sub EncodeRouteValues(ByVal routeValues As RouteValueDictionary)
    Dim tableName As Object
    If Not routeValues.TryGetValue("table", tableName) Then
        Return
    End If
    Dim table As MetaTable
    If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
        Return
    End If
    Dim strOutput As New StringBuilder
    Dim val As Object
    For Each column As MetaColumn In table.PrimaryKeyColumns
        If routeValues.TryGetValue(column.Name, val) Then
            strOutput.Append(column.Name & Chr(254) & val & Chr(255))
            routeValues.Remove(column.Name)
        End If
    Next
    Dim out As String = (Convert.ToBase64String(Encoding.ASCII.GetBytes(strOutput.ToString)))
    If routeValues.ContainsKey("x") Then
        routeValues.Item("x") = out
    Else
        routeValues.Add("x", out)
    End If
End Sub
Public Overloads Overrides Function GetVirtualPath(ByVal requestContext As RequestContext, ByVal values As RouteValueDictionary) As VirtualPathData
    EncodeRouteValues(values)
    Return MyBase.GetVirtualPath(requestContext, values)
End Function
Private Sub DecodeRouteValues(ByVal routeValues As RouteValueDictionary)
    Dim tableName As Object
    If Not routeValues.TryGetValue("table", tableName) Then
        Return
    End If
    Dim table As MetaTable
    If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
        Return
    End If
    Dim enc As New System.Text.ASCIIEncoding()
    Dim val As Object
    If routeValues.TryGetValue("x", val) AndAlso val <> "AAA" Then
        Dim strString As String = enc.GetString(Convert.FromBase64String((val)))
        Dim nameValuePairs As String() = strString.Split(Chr(255))
        Dim col As MetaColumn
        For Each str11 In nameValuePairs
            Dim vals() As String = str11.Split(Chr(254))
            If table.TryGetColumn(vals(0), col) Then
                routeValues.Add(val(0), col)
            End If
        Next
    End If
   End Sub
  End Class
ggonsalv