How do I encrypt URLs in ASP.NET MVC?

Question

I need to Encrypt the URLs in my ASP.NET MVC application.

Do I need to write the code in Global page in Route Collection to Encrypt all the URLs?

Answer 1

It's likely pointless to globally encrypt all the url parameters (query string). Most parameters are display items used by HttpGet. If everything is encrypted then this won't make for a very informative page. However if there are sensitive parameters that are only hidden fields (keys) on the client that eventually are returned to the server to identify a record, this might be worth encrypting.

Consider this viewModel:

public viewModel
{
    public int key {get;set;}           // Might want to encrypt
    public string FirstName {get;set;}  // Don't want this encrypted
    public string LastName {get;set;}   // Don't want this encrypted
}

The viewModel gets converted into a query string, something close to.... appName.com/index?Id=2;FirstName="John";LastName="Doe"

If this viewModel is passed as a query string, what's the point in encrypting the first and last names?

It should be noted that query strings are HttpGet. HttpPost use the session to pass values not query strings. HttpPost sessions are encrypted. But there is overhead to httpPost. So, if your page does actually contain sensitive data that needs to be displayed (perhaps the users current password) then consider going to HttpPost instead.