I have a Web API OData controller that is connected to an encrypted data source. I want to send data back to clients as encrypted but do not want to get search/filter functionality from the client. It is needed that the client can query over the data as if it is not encrypted data. I mean the client does not have to encrypt search criteria and then pass them to OData.

I found nowhere better than the type serializer to do this. I tried to customize it and encrypt data in that place. It works in some situations but not all situations. When OData is called directly in the browser (not in the client app) it does not work. When the client decides to only get specific fields it does not work again.

The client will decrypt data when it gets encrypted data from OData.

My question is: is it a correct place to inject my encryption mechanism? Is there any better solution?

The following shows what I am doing currently. I have also asked similar questions here, here, here, here and here, but did get an answer for my problem.

Afshar Mohebi

1 Answer

If I understood you correctly, you want to return a model with encrypted or decrypted properties depending on the properties of your ODATA model and depending on the client request settings. So the output could look like this:

{
    "Name" : "clearText",
    "Value" : "cryptText"
}

Instead of re-encrypting data at the serialiser level I would actually perform that operation in the business logic that is called by your ODATA controller (or in the controller itself, if you have not separated your business logic).

The benefit of this approach would be that you still have all information (query, full model) in place, whereas encrypting data in the outgoing serialiser would also lead to having to split the encryption/decryption keys into separate locations.

If you have a flow similar to this

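// Load the stored (encrypted) entity; Set<T>() is a method call.
CryptEntity cryptEntity = db.Set<CryptEntity>().FirstOrDefault(e => e.Id == key);
// Decrypt so the query can be evaluated on clear text.
ClearEntity clearEntity = cryptEntity.Decrypt();
// perform search depending on query settings
// Re-encrypt before returning the result to the client.
cryptEntity = clearEntity.Encrypt();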

Instead of using (extension) methods on the entities and to further abstract your business logic from the ODATA logic and your entities, you could also use AutoMapper to perform your conversion and supply a specific constructor or type converter to it:

var cryptEntity = Mapper.Map<CryptEntity>(clearEntity);

If this does not answer your question or does not fully address your problem, please describe it with further details and maybe some examples.

Ronald Rink 'd-fens'
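The decrypt, query, re-encrypt flow from the answer above, as an added example that is not code from the question or the answer. It assumes .NET 8 (`AesGcm` with an explicit tag size) and a single shared key; `FieldCrypto`, `Flow`, the in-memory list standing in for `db.Set<T>()` and the predicate standing in for the OData `$filter` are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed sample data: a hypothetical 32-byte key and three stored rows.
byte[] key = RandomNumberGenerator.GetBytes(32);
var store = new[] { (1, "alice", "red"), (2, "bob", "green"), (3, "carol", "red") }
    .Select(r => new CryptEntity(r.Item1, r.Item2, FieldCrypto.Encrypt(key, r.Item1, r.Item3)))
    .ToList();

// The client's filter is expressed on clear text, as $filter=Value eq 'red' would be.
foreach (var e in Flow.Query(store, key, c => c.Value == "red"))
    Console.WriteLine($"{e.Id} {e.Name} {e.Value}");

record ClearEntity(int Id, string Name, string Value);
record CryptEntity(int Id, string Name, string Value); // Value = base64(nonce | tag | ciphertext)

static class Flow
{
    // Decrypt, filter on clear text, then re-encrypt only the rows that are returned.
    public static List<CryptEntity> Query(IEnumerable<CryptEntity> rows, byte[] key, Func<ClearEntity, bool> filter) =>
        rows.Select(e => new ClearEntity(e.Id, e.Name, FieldCrypto.Decrypt(key, e.Id, e.Value)))
            .Where(filter)
            .Select(c => new CryptEntity(c.Id, c.Name, FieldCrypto.Encrypt(key, c.Id, c.Value)))
            .ToList();
}

static class FieldCrypto
{
    const int NonceLen = 12, TagLen = 16;
    static byte[] Aad(int id) => Encoding.UTF8.GetBytes("id:" + id); // binds a value to its row

    public static string Encrypt(byte[] key, int id, string clear)
    {
        byte[] pt = Encoding.UTF8.GetBytes(clear), ct = new byte[pt.Length], tag = new byte[TagLen];
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen); // fresh nonce for every value
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(nonce, pt, ct, tag, Aad(id));
        return Convert.ToBase64String(nonce.Concat(tag).Concat(ct).ToArray());
    }

    public static string Decrypt(byte[] key, int id, string wire)
    {
        byte[] raw = Convert.FromBase64String(wire), pt = new byte[raw.Length - NonceLen - TagLen];
        using var aes = new AesGcm(key, TagLen);
        // Throws if the value was modified or moved to a different row.
        aes.Decrypt(raw.AsSpan(0, NonceLen), raw.AsSpan(NonceLen + TagLen), raw.AsSpan(NonceLen, TagLen), pt, Aad(id));
        return Encoding.UTF8.GetString(pt);
    }
}
```

Because the filter runs on decrypted values, every candidate row is decrypted inside the service before the predicate is applied; only the rows that match are re-encrypted and returned.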