Reputation: 53
Our security team asked me to not submit plain text passwords in my login page, though we use HTTPS. So I thought that I need to do client-side encryption before submit; I searched for a solution and decided to implement jCryption.
However, the example presented there is PHP/Python; after a few Google searches I found this. I did whatever was explained in the link, but I don't know how to retrieve the form data that the user submitted in the form.
I only see a key returned in my login post back action, and the LoginModel that should contain username, password is null.
Login.cshtml
@model Portal.Model.Membership.LoginModel
@using jCryption
@{
    Layout = null;
    jCryption.HandleRequest(Request);
}
<html>
<head>
    <script src="~/Assets/global/plugins/jquery.min.js" type="text/javascript"></script>
    <script src="~/Assets/global/plugins/jquery-migrate.min.js" type="text/javascript"></script>
    @jCryption.RenderScriptFor("form", src: @Url.Content("~/Assets/admin/scripts/jquery.jcryption.3.1.0.js"))
</head>
<body>
    @using (Html.BeginForm(null, null, FormMethod.Post, new { @autocomplete = "off" }))
    {
        <div class="form-body">
            <div class="form-group">
                @Html.LabelFor(x => x.Username, new { @class = "placeholder" })
                @Html.TextBoxFor(x => x.Username, new { @class = "form-input", autocomplete = "off" })
                <span></span>
            </div>
            <div class="form-group">
                @Html.LabelFor(x => x.Password, new { @class = "placeholder" })
                @Html.PasswordFor(x => x.Password, new { @class = "form-input", autocomplete = "off" })
                <span></span>
            </div>
        </div>
        <div class="form-group">
            <button id="btnLogin">Login</button>
        </div>
    }
</body>
<!-- END BODY -->
</html>
Update
I put a breakpoint on the login post action and it pops up twice, one with key and another with jCryption:
Upvotes: 2
Views: 726
Reputation: 23
You lack the jCryptionHandler attribute in your action method. The attribute is responsible for handling the jCryption handshake and decryption.
[jCryptionHandler]
public ActionResult Login(LoginModel model)
{
    return View();
}
Upvotes: 0
Reputation: 1
For MVC 5, you need to adjust a little bit. In login.cshtml:
@using jCryption
@{
    jCryption.HandleRequest(Request);
}
@section Scripts {
    @Scripts.Render("~/bundles/jqueryval")
    <script src="/Scripts/jquery.jcryption.3.1.0.mod.js"></script>
    <script type="text/javascript">
        // tweak for compatibility with jquery.validate
        (function($){
            var _jCryption = $.jCryption;
            var jCryptionMod = function(el,options){
                var form = $(el), hasValidator = !!form.data('validator');
                if (hasValidator){
                    var v = form.validate();
                    var prev_handler = v.settings.submitHandler;
                    v.settings.submitHandler = function (_form, event) {
                        if( prev_handler ) prev_handler.apply(this, arguments);
                        var form = $(_form);
                        if (!form.hasClass('jc-before-submit')) {
                            v.settings.submitHandler = prev_handler;
                            form.addClass('jc-before-submit');
                            setTimeout( function(){ form.trigger('_jc_submit', event); }, 100 );
                        }
                    };
                    _jCryption.call(this, form, $.extend(options, {
                        submitElement: form,
                        submitEvent: '_jc_submit',
                        beforeEncryption: function(){
                            form.removeAttr('disabled');// form element hack ( IE11 )
                            return true;
                        }
                    }));
                } else {
                    return _jCryption.call(this,el,options);
                }
            }
            $.extend(jCryptionMod, $.jCryption);
            $.jCryption = jCryptionMod;
        })(jQuery);
    </script>
    <script type="text/javascript">
        $(document).ready(function(){
            var form = $('form');
            var url = form.attr('action') || '/Account/Login';
            form.jCryption({
                getKeysURL: url + '?getPublicKey=true',
                handshakeURL: url + '?handshake=true'
            });
        });
    </script>
}
In AccountController, you should follow JakeJP's documentation (exact same code).
In the IE F12 Developer Tools (Network --> go to detail view --> Request body), it shows &jCryptionKey= but not &UserName= and &Password=.
Upvotes: 0
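An added example, not part of any answer above and not jCryption's own code: a small Node.js check that classifies captured requests to the login action by the query and field names quoted on this page (`getPublicKey`, `handshake`, `key`, `jCryption`, `jCryptionKey`) and flags any post that still carries a readable `Username` or `Password`. The phase labels, the mapping of fields to phases and the sample capture are assumptions made for illustration.

```javascript
// Added example: field and query names are those quoted on this page;
// the phase labels and SAMPLE_CAPTURE are constructed for illustration.
const CREDENTIAL_FIELDS = ['username', 'password']; // compared case-insensitively

// queryString: text after '?'; body: raw application/x-www-form-urlencoded body.
function classifyLoginRequest(queryString, body) {
  const query = new URLSearchParams(queryString);
  const form = new URLSearchParams(body);
  // A credential field with a non-empty value was sent without jCryption.
  const cleartext = [...new Set(form.keys())].filter(
    (name) => CREDENTIAL_FIELDS.includes(name.toLowerCase()) &&
      form.getAll(name).some((value) => value !== '')
  );
  let phase = 'unknown';
  if (cleartext.length > 0) {
    phase = 'cleartext-form';
  } else if (query.get('getPublicKey') === 'true') {
    phase = 'get-public-key';
  } else if (query.get('handshake') === 'true' ||
             (form.has('key') && !form.has('jCryption'))) {
    phase = 'handshake'; // assumption: the post carrying only `key` is the handshake
  } else if (form.has('jCryption') || form.has('jCryptionKey')) {
    phase = 'encrypted-form'; // assumption: these fields carry the encrypted form
  }
  return { phase, cleartext };
}

// Summarise a whole capture: phase per request, plus indexes that leaked credentials.
function auditCapture(requests) {
  const phases = requests.map((r) => classifyLoginRequest(r.query, r.body).phase);
  const leaks = phases.flatMap((p, i) => (p === 'cleartext-form' ? [i] : []));
  return { phases, leaks };
}

// Constructed sample: three jCryption requests, then a post from a page
// where the script never attached to the form.
const SAMPLE_CAPTURE = [
  { query: 'getPublicKey=true', body: '' },
  { query: 'handshake=true', body: 'key=Q09OU1RSVUNURUQ%3D' },
  { query: '', body: 'jCryption=U0FNUExF' },
  { query: '', body: 'Username=alice&Password=example-only' },
];

console.log(auditCapture(SAMPLE_CAPTURE));
```

None of the first three requests contains `Username` or `Password` fields, so default model binding has nothing to populate `LoginModel` from until the server side has decrypted the post.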