i am calling API with Allow Anonymous Access

Basit Nisar 40 Reputation points
2023-05-11T13:56:14.2833333+00:00
[AllowAnonymous]
        [HttpGet]
        [Route("api/HelpVideo/{ID}")]
        [ResponseType(typeof(HttpResponseMessage))]
        public HttpResponseMessage GetHelpVideo(int ID)
        {
            try
            {
                HelpContent obj = db.HelpContents.Find(ID);
                string FileName = string.Empty;
                FileName = obj.FileName;
                if (!string.IsNullOrEmpty(FileName))
                {
                    FileProvider = new FileProvider(0, Global.FileLocationType.HelpDocument);
                    if (!FileProvider.Exists(FileName))
                    {
                        return this.Request.CreateResponse(HttpStatusCode.NotFound, new { Status = Global.Status.NotFound.ToString(), Message = Global.StatusMessage.NotFound });

                    }
                    string rootPath = HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings[AppSettingsKey] + "/Help/");
                    //var decodedFileName = Uri.UnescapeDataString(FileName);
                    var vidFile = File.OpenRead(Path.Combine(rootPath, FileName));

                    return new ProgressiveDownload(Request).ResultMessage(vidFile, "video/mp4");

                }
                else
                {

                    return this.Request.CreateResponse(HttpStatusCode.NotFound, new { Status = Global.Status.NotFound.ToString(), Message = Global.StatusMessage.NotFound });
                }
            }
            catch (Exception ex)
            {
                Global.InsertException(ex);
                return this.Request.CreateResponse(HttpStatusCode.InternalServerError, new { Status = Global.Status.Invalid.ToString(), Message = Global.StatusMessage.Invalid, MessageDetail = ex.Message + (ex.InnerException == null ? "" : ex.InnerException.Message) });

            }
        }
I need to encrypt  the ID parameter How to do that???
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
1,485 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Bruce (SqlWork.com) 36,261 Reputation points
    2023-05-11T21:23:42.06+00:00

    if you use guids instead of an int, they are harder to guess.

    if the user is picking from a webpage where you display the link, then you would encrypt the id and an expiration date to a base64url string using any encryption you like.

    then when you decrypt you can check if too old.

    0 comments No comments