DEVHIDE
Login Or Sign up

jCryption ASP.Net MVC

719 Views Asked by At

Our security team asked me to not submit plain text passwords in my log in page, we use HTTPS though. so I thought that I need to do client side encryption before submit, I searched for solution and decided to implement jCryption.
However the example presented there is PHP/python, after a few google found this. I did whatever was explained in the link but I don't know how to retrieve form data that user submitted in form.

screenshot of my login post back action

I only see a key returns in my login post back action and the LoginModel that should contain username, password is null.

Login.cshtml

@model Portal.Model.Membership.LoginModel
@using jCryption

@{
    Layout = null;
    jCryption.HandleRequest(Request);
}
<html>
<head>
    <script src="~/Assets/global/plugins/jquery.min.js" type="text/javascript"></script>
    <script src="~/Assets/global/plugins/jquery-migrate.min.js" type="text/javascript"></script>
    @jCryption.RenderScriptFor("form", src: @Url.Content("~/Assets/admin/scripts/jquery.jcryption.3.1.0.js"))
</head>
<body>
@using (Html.BeginForm(null, null, FormMethod.Post, new { @autocomplete = "off" }))
{
    <div class="form-body">
        <div class="form-group">
            @Html.LabelFor(x => x.Username, new { @class = "placeholder" })
            @Html.TextBoxFor(x => x.Username, new { @class = "form-input", autocomplete = "off" })
            <span></span>
        </div>


        <div class="form-group">
            @Html.LabelFor(x => x.Password, new { @class = "placeholder" })
            @Html.PasswordFor(x => x.Password, new { @class = "form-input", autocomplete = "off" })
            <span></span>
        </div>
    </div>

    <div class="form-group">
        <button id="btnLogin">Login</button>
    </div>
}
</body>
<!-- END BODY -->
</html>

Update I put break point on login post action and it popup twice, one with key and another with jCryption: jCryption form data after submit

asp.net asp.net-mvc asp.net-mvc-4 jcryption
Original Q&A
2

There are 2 best solutions below

0
On

For MVC 5, you need to adjust a little bit. at login.cshtml

    @using jCryption
    @{
        jCryption.HandleRequest(Request);
    } 

    @section Scripts {
        @Scripts.Render("~/bundles/jqueryval")

        <script src="/Scripts/jquery.jcryption.3.1.0.mod.js"></script>     

        <script type="text/javascript">

        // tweak for compatibility with jquery.validate

            (function($){
                var _jCryption = $.jCryption;
                var jCryptionMod = function(el,options){
                    var form = $(el), hasValidator = !!form.data('validator');
                    if (hasValidator){
                        var v = form.validate();
                        var prev_handler = v.settings.submitHandler;
                        v.settings.submitHandler = function (_form, event) {
                            if( prev_handler ) prev_handler.apply(this, arguments);
                            var form = $(_form);
                            if (!form.hasClass('jc-before-submit')) {
                                v.settings.submitHandler = prev_handler;
                                form.addClass('jc-before-submit');
                                setTimeout( function(){ form.trigger('_jc_submit', event); }, 100 );
                            }
                        };

                        _jCryption.call(this, form, $.extend(options, {
                            submitElement: form,
                            submitEvent: '_jc_submit',
                            beforeEncryption: function(){
                                form.removeAttr('disabled');// form element hack ( IE11 )
                                return true;
                            }
                        }));
                    } else {
                        return _jCryption.call(this,el,options);
                    }
                }
                $.extend(jCryptionMod, $.jCryption);
                $.jCryption = jCryptionMod;
            })(jQuery);
        </script> 

        <script type="text/javascript">
            $(document).ready(function(){
                var form = $('form');
                var url = form.attr('action') || '/Account/Login';
                form.jCryption({
                    getKeysURL: url + '?getPublicKey=true',
                    handshakeURL: url + '?handshake=true'
                });
            });
        </script>       
    }

AccountController, you should follow JakeJP's documentation (exact same code).

At IE F12 Developer Tools (Network-->go to detail view-->Request body), it showns &jCryptionKey= but not &UserName= and &Password=.

0
On

You lack the jCryptionHandler attribute in your action method. The attribute is responsible for handling the jCryption handshake and decryption.

[jCryptionHandler]  
public ActionResult Login(LoginModel model)
{
    return View();
}

Related Questions in ASP.NET

Related Questions in ASP.NET-MVC

Related Questions in ASP.NET-MVC-4

Related Questions in JCRYPTION

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.