how to make encrypt in asp.net mvc?

Question

i try to learn about encrypt in asp.net MVC

it's so hard to understand about it..

can some one give me simple example to use encrypt in asp.NET MVC??

i try to make simple application use encrypt in asp.net mvc. i read some article to reference about encrypt. but no one article show how to encrypt data or query with asp.net mvc 3 or 4

can some one give me reference about encrypt in asp.net mvc 3 / 4 or give me some simple example of encrypt..

Answer 1

here is library you can use to encrypt and decrypt your urls http://jbtule.github.io/keyczar-dotnet/

given your use case, you are going to create the encryted url and send it in an email

for the sake of this answer, lets pretend the encypted url is

"yourdomainname/encrypted/kladsfiopfvnjladsiopdfsipejkadsjsadipodafskl"

suppose the encrypted string represents the a string which can be decrypted to the fields username, dateValidThrough, and emailaddress, seperated by "|" charachters. ie

username + "|" + datevalidthough + "|" emailaddress

okay, so to recieve the encrypted url, you have a route in your RouteConfig.cs routes

        routes.MapRoute(
            name: "PaswordReset",
            url: "Encrypted/{id}",
            defaults: new {controller = "Password", action = "Reset", id = UrlParameter.Optional});       

this would take them to this contoller which has two methods

public class PasswordController{

  public ActionResult Reset(string id){}
    //returns a view that has a form for them to enter their username and email

  [HttpPost]
  public ActionResult Reset(string id, string username, string email){}
   //derypt here and verify etc.

 }

First, they would be shown a form in which they can enter their email address and username. it should have a hidden field for the enrypted url part

When they submit the form, decrypt the id using the passphrase that you encrypted it with.

Verify that their username and email address match up. Make sure the datevalidthrough is < today, then allow them to change their password.

To make the encrypted string, you would use the library above and it would be like

string plaintext = userName + "|" + DateTime.Today.AddDays(2).ToString() + "|" + userEmailAddress;
WebBase64 ciphertext;
string key = (new Random().Random(10000000) + 1000).ToString();

//pretend this dictionary represents a database storage medium
public static Dictionary<string,string> CypherTextToKey= new Dictionary<string,string>();

//encrypting
using (var encrypter = new Encrypter(key))  
{
   ciphertext = encrypter.Encrypt(plaintext);
}
CypherTextToKey.Add(cyphertext, key);
SendEmail(user, "Encrypted/"+cyphertext");

To decrypt it you would do something like

var key = CypherTextToKey[cyphertext]; //get the key from your database
using (var crypter = new Crypter(key)){
  var plaintext2 = crypter.Decrypt(ciphertext)
}

if all matches, give them a new password, etc.

Theres a way to operate an entire site using encrypted urls, but thats a different story and I'm not sure if thats what you need (its a bit more complicated). If you want to encrypt every url make a comment and I'll get back to you with another answer.