Tips - Secure Entity Properties

Use the SecureObjectHelper class to encrypt the entities properties. This class is welcome when using WCF without HTTPS support.

Let's take an example with the following entity (generated or not)

public class Document
{
    public long Id { get; set; }

    public string Title { get; set; }

    public string Author { get; set; }

    public string Description { get; set; }

    public string Content { get; set; }
}

Define the following extension methods

// Models | Document.custom.cs or Extensions\DocumentExtensions.cs
		
public static class DocumentExtensions
{
    private static IEnumerable<SecurePropertyInfo> GetSecurePropertyInfo(this Document source)
    {
        // 1. Define the private key (static or dynamic)

        string privateKey = "private_key_for_Document";

        // 2. Define the provider to use

        // Here we use the TripleDesSecurePropertyProvider provider to encrypt some string properties

        ISecurePropertyProvider provider = new TripleDesSecurePropertyProvider(privateKey);

        // 3. Define the properties to encrypt

        return new List<SecurePropertyInfo>
        {
            new SecurePropertyInfo(() => source.Author, provider),  // Author property
            new SecurePropertyInfo(() => source.Content, provider)  // Content property
        };
    }

    public static void SecureProperties(this Document source)
    {
        if (source != null)
        {
            SecureObjectHelper.Secure(source, GetSecurePropertyInfo(source));
        }
    }

    public static void UnsecureProperties(this Document source)
    {
        if (source != null)
        {
            SecureObjectHelper.Secure(source, GetSecurePropertyInfo(source));
        }
    }
}

Usage

// Client-side...

Document doc = new Document
{
    Id = 1,
    Title = "Title",
    Author = "Author",
    Description = "Description",
    Content = "Content"
};

doc.SecureProperties();


// Server-side...

doc.UnsecureProperties();

Encrypted properties

Illustration

Database Storage

When storing encrypted data do not forget to use a column with enough characters (or VARCHAR(MAX)) to contain the encrypted values.