There a capability in asp.net core which provides protecting the important and sensitive data. For example, if you don't want users to see and know about the database Identity numbers in Url you can apply this feature. I create a simple service in order to make it easier and accessible from everywhere:
public interface IProtectionService
{
string Protect(string value);
string UnProtect(string value);
}
And about the implementation class:
public class ProtectionService : IProtectionService
{
private readonly IDataProtector protector;
public ProtectionService(IDataProtectionProvider provider)
{
protector = provider.CreateProtector("A_Key_Overhere");
}
public string Protect(string value)
{
return protector.Protect(value);
}
public string UnProtect(string value)
{
return protector.Unprotect(value);
}
}
We just used the IDataProtector which lives in Microsoft.AspNetCore.DataProtection namespace. In our sample, as I mentioned, suppose that we are gonna protect the Id passed to the Url, simply call the above interface:
public class ContactModel : PageModel
{
public int Id { get; set; }
private readonly IProtectionService _protectionService;
public ContactModel(IProtectionService protectionService)
{
_protectionService = protectionService;
}
public void OnGet()
{
var id = _protectionService.Protect(Id.ToString());
}
}