How to Prevent Parameter Tampering in asp.net core

Sumanth Babu 21 Reputation points
2022-07-19T08:29:57.677+00:00

How can I prevent parameter tampering in my code below?

result = Context.Download.Where(m => m.LinkStatus == viewModel.QueryStatus).OrderBy(x => x.LinkCreatedOn).Take(viewModel.PageSize).ToList();

Please help with my code. If you have got a solution, let me know.

Developer technologies | ASP.NET | ASP.NET Core

2 answers

  1. Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator
    2022-07-19T15:41:35.187+00:00

    The tamper code you are copying is for preventing code from altering a parameter (not a web request). In old C# it's:

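     public class MyParameter
     {
         // Backing field is assigned once in the constructor and never again.
         private readonly string _value;

         public MyParameter(string value)
         {
             _value = value;
         }

         // Getter only: callers can read the value but cannot change it.
         public string Value
         {
             get { return _value; }
         }
     }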

    So if you create a variable param:

    var param = new MyParameter("hello");

    The param.Value cannot be changed.

    I suspect, because this is an ASP.NET forum, you are asking about the user tampering with a route or postback value. First, never assume the user has not tampered. So check that the value is one the user is allowed. That is, if it is a known set of values, it's in the set. If it is a key, then it should be encrypted.


  2. AgaveJoe 30,126 Reputation points
    2022-07-19T15:42:11.557+00:00

    This post is tagged as ASP.NET Core. Typically parameter tampering in a web application happens outside C#. The browser, a proxy, or HTTP client can submit any parameter value in the URL or HTTP message.

    The standard mitigation approach is authorization. The user must be authenticated and authorized to invoke the HTTP action. There is also the general design where the user is only able to see data related to the user's identity, role, or claim.

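Added example, not code from the question or from either answer: one way to apply both answers to the query in the question, by checking `QueryStatus` against a server-side allow-list, clamping `PageSize`, and scoping rows to the authenticated user. The `Download` and `QueryViewModel` shapes, the `OwnerId` column, the status values and `MaxPageSize` are assumptions, and an in-memory list stands in for `Context.Download`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed stand-ins for the question's entity and view model (shapes are assumed).
public record Download(int Id, string OwnerId, string LinkStatus, DateTime LinkCreatedOn);
public record QueryViewModel(string QueryStatus, int PageSize);

public static class DownloadQuery
{
    // Server-side allow-list: the only statuses a client may request (hypothetical values).
    private static readonly HashSet<string> AllowedStatuses =
        new(StringComparer.Ordinal) { "Active", "Expired" };
    private const int MaxPageSize = 50; // assumed upper bound

    // Returns null when QueryStatus is outside the allow-list;
    // a controller action would turn that into a 400 Bad Request.
    public static List<Download>? Run(IEnumerable<Download> downloads, QueryViewModel vm, string currentUserId)
    {
        if (vm.QueryStatus is null || !AllowedStatuses.Contains(vm.QueryStatus))
            return null;

        // Clamp instead of trusting: a PageSize of -1 or 1000000 cannot widen the result.
        int pageSize = Math.Clamp(vm.PageSize, 1, MaxPageSize);

        return downloads
            .Where(d => d.OwnerId == currentUserId) // identity comes from the server, never the request
            .Where(d => d.LinkStatus == vm.QueryStatus)
            .OrderBy(d => d.LinkCreatedOn)
            .Take(pageSize)
            .ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        var rows = new List<Download> // constructed sample data
        {
            new(1, "alice", "Active", new DateTime(2022, 7, 1)),
            new(2, "bob", "Active", new DateTime(2022, 7, 2)),
            new(3, "alice", "Deleted", new DateTime(2022, 7, 3)),
        };
        var ok = DownloadQuery.Run(rows, new QueryViewModel("Active", 1000000), "alice");
        var bad = DownloadQuery.Run(rows, new QueryViewModel("Deleted", 10), "alice");
        Console.WriteLine($"valid request: {ok?.Count} row(s); tampered status rejected: {bad is null}");
    }
}
```

In a controller, `currentUserId` would be read from the authenticated principal (for example a claim on `User`) inside an action protected by `[Authorize]`.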
