AOP through Unity interceptors - Cryptography

By
Today, in our AOP serie, we will use Unity to encrypt/decrypt our data.

Let's imagine that you have a repo that stores personal information about users.
You may want some of this data to be encrypted, in case your database is stolen, or accessed illegaly.

Once again, AOP helps us in this situation. Let's build our sample. We will need an interface & an implementation representing the user repository.
public interface IUserRepo
    {
        bool IsUserAuthenticated(string login, [Encrypt] string password);         
        [Decrypt]
        string GetPasswordForUser(string login);
    }

public class UserRepoImpl : IUserRepo
    {
        public bool IsUserAuthenticated(string login, string password)
        {
            if (password == "1234")
                return false;

            return true;
        }

        public string GetPasswordForUser(string login)
        {
            return "wOSHX/n2NyWWn53YXVvJIg==";
        }
    }
Using this fake implementation, we just want to check that the password we use is really encrypted.
The  Decrypt & Encrypt attributes are really simple:
public class DecryptAttribute : Attribute
    { }


public class EncryptAttribute : Attribute
    { }
Finally, here is the service usage:

static void Main(string[] args)
        {
            using (var container = new UnityContainer())
            {
                container.AddNewExtension<Interception>();

                // Register
                container.RegisterType<IUserRepo, UserRepoImpl>(
                    new Interceptor<InterfaceInterceptor>(),
                    new InterceptionBehavior<CryptographicInterceptionBehavior>());

                // Resolve
                IUserRepo userRepo = container.Resolve<IUserRepo>();
             
                // Call
                bool isUserAuthenticated = userRepo.IsUserAuthenticated("John Doe", "1234");
                if (isUserAuthenticated == false)
                    throw new Exception("Encryption did not work");                 string password = userRepo.GetPasswordForUser("John Doe");

                if (password != "1234")
                    throw new Exception("Encryption did not work");

                Console.WriteLine("END");
                Console.ReadLine();
            }
        }
Let's now see how the CryptographicInterceptionBehavior is defined
public class CryptographicInterceptionBehavior : IInterceptionBehavior
    {
        public IEnumerable<Type> GetRequiredInterfaces()
        {
            return Type.EmptyTypes;
        }

        public IMethodReturn Invoke(IMethodInvocation input, GetNextInterceptionBehaviorDelegate getNext)
        {
            var parameters = input.MethodBase.GetParameters();

            foreach (var parameter in parameters)
            {
                if (parameter.GetCustomAttribute<EncryptAttribute>() != null)
                {
                    input.Arguments[parameter.Position] = Encrypt(input.Arguments[parameter.Position]);
                }
            }            var result = getNext()(input, getNext);

            if (input.MethodBase.GetCustomAttribute<DecryptAttribute>() != null)
            {
                return input.CreateMethodReturn(Decrypt(result.ReturnValue));
            }

            return result;
        }

        private object Encrypt(object input)
        {
            return StringCipher.Encrypt(input.ToString(), "");
        }

        private object Decrypt(object input)
        {
            return StringCipher.Decrypt(input.ToString(), "");
        }

        public bool WillExecute
        {
            get { return true; }
        }
    }
The StringCipher class used in this class is the one described by CraigTP in this blog post: http://stackoverflow.com/questions/10168240/encrypting-decrypting-a-string-in-c-sharp.

One advantage of using AOP to encrypt/decrypt data is that all the stuff are centralized into one place.

Comments

Post a Comment

Popular posts from this blog

EMGU with Xamarin Forms guide [part 1]

By
Image
I- Introduction, OpenCV and EMGU Do you know OpenCV ( Open Source Computer Vision Library:  https://opencv.org/ ) ?  This open source library let's you work and play with images and videos with a lot of powerful image processing algorithms !  If you want some details, I suggest you to first navigate to the link above or search for 'OpenCV' on Google.  Examples of OpenCV processing found on the web (filters, object detection, edges...): EMGU is a .NET OpenCV wrapper. That means that you will be able to use OpenCV functionnalities in your .NET projects using C# for instance. EMGU is cross platform, so you will also be able to use it in your Xamarin projects ! That's great because there is no advanced image processing library in Xamarin. In this article, we will talk about EMGU and list the steps to setup a Xamarin Forms project using EMGU . It may help you because, we must say that it's not a trivial task...  II-What do I need to
Read more »

[Xamarin Forms] Custom bottom bordered entry (iOS & Android)

By
Image
Custom entry with renderers For my Xamarin Forms project I needed to render an 'Entry' control with a bottom border of a specific color. There are several possibilities but I will show you mine. For that, I used renderers. iOS one is particularly not trivial. The wished result look like that: iOS Renderer [assembly: ExportRenderer(typeof(ExtDatePicker), typeof(ExtDatePickerRenderer))] namespace MyCompany.iOS.Renderers { public class ExtDatePickerRenderer : DatePickerRenderer { protected override void OnElementChanged(ElementChangedEventArgs<DatePicker> e) { base.OnElementChanged(e); // Need to connect to Sizechanged event because first render time, Entry has no size (-1). if (e.NewElement != null) e.NewElement.SizeChanged += (obj, args) => { var xamEl = obj as DatePicker; if (xamEl == null) ret
Read more »

Xamarin.Forms device unique ID...

By
As in a lot of applications, you will probably need to get a unique identifier to identify a unique user . And it becomes a little more complicated when you have to deal with different platforms like Android, iOS and Windows Phone... Here is a simple solution that you can implement in Xamarin Forms that I found on this blog: http://codeworks.it/blog/?p=260 First define a service that you will use in your Xamarin Forms Application: // Your service interface definition public interface IDevice { string GetIdentifier(); } // How you get your service in your app IDevice device = DependencyService.Get (); string deviceIdentifier = device.GetIdentifier(); And here are the implementations for Android / Windows Phone and the most complicated, iOS platform: // WINDOWS PHONE [assembly: Xamarin.Forms.Dependency(typeof(WinPhoneDevice))] namespace XFUniqueIdentifier.WinPhone { public class WinPhoneDevice : IDevice { public string GetIdentifier() { byte[] myDeviceId = (
Read more »