version number to 1.3.3

updated documentation
jCryption.Mvc file moved to Filters folder

Author: JakeJP

App_Code/jCryption.cs

@@ -1,7 +1,9 @@
 /*
- * jCryption.NET v 1.3.2
+ * jCryption.NET v 1.3.3
  * is a server side implementation for jCryption v3.0 and ASP.NET
  * written by Jake.Y.Yoshimura
+ * https://github.com/JakeJP/jCryption.NET
+ * 
  * MIT license.
  * http://www.opensource.org/licenses/mit-license.php
  * 

App_Code/jCryption.Mvc.cs Filters/jCryption.Mvc.cs

@@ -1,4 +1,15 @@
-using System;
+/*
+ * jCryption.NET v 1.3.3
+ * additional compornent for MVC
+ * https://github.com/JakeJP/jCryption.NET
+ * MIT license.
+ * http://www.opensource.org/licenses/mit-license.php
+ * 
+ * jCryption client side library is originally created by Daniel Griesser:
+ * http://www.jcryption.org/
+ * 
+ */
+using System;
 using System.Web.Mvc;
 namespace jCryption
 {

README.md

@@ -15,40 +15,12 @@ What's notable of this ASP.NET server side library:
   - Respecting original jCryption protocol (OpenSSL PEM style format and negotiation)
   - OpenSSL independent ( using .NET native RSA/AES crypto library )
   - RSA keys are automatically generated on server side (no need of PEM file preparation)
-  - Integration with ASPX and CSHTML (WebPages) Request.Form is automatically replaced with decrypted content.
+  - Integration with ASPX, WebPages(cshtml) and MVC. Request.Form is automatically replaced with decrypted content.
   - Silently deactivates under HTTPS secure connection ( with cshtml helper methods )
   - load initial form data through encryption ( with CSHTML helper )
   - load encrypted HTML content rendering support (1.2)
   - Compatibility with jquery.validate
 
-  
-Version
-----
-####1.3.2 update
- - updated jcryption.3.1.0.mod.js and exsmples
-
-####1.3.2
- - fix RenderScriptFor src, script parameter handling
-
-####1.3.1
- - fix for Unvalidated Form problem
- - add script parameter for RenderScript
-
-####1.3
- - Refactor of CSHTML helper functions
-
-####1.2
- - Encrypted HTML content rendering support (CSHTML)
-
-####1.1
- - jCryption version 3.1.0
- - secure form data loading ( on CSHTML )
-
-####1.0.1
- - now works with jquery.validate
-
-####1.0
-
 Suggestions for original jCryption
 ---
  - AESKey may be only one per page over multiple forms on the same page, since server-side holds only one key in the session state ( with the implementation of PHP ).
@@ -57,25 +29,33 @@ Suggestions for original jCryption
  - Handle form's submit event (not click). 'click' event occurs before form validation for example.
  - if AES key is attached to encrypted form post with 'jCryption'? This makes form post 'session' independent and allows form re-post by pressing F5.
 
+jquery.jcryption.x.x.x.mod.js is the modified version which solves the problems above. mod version is also needed to work with MVC properly.
+
 Dependency
 ---
  - jQuery ( on which jCryption depends ) http://jquery.com/
  - jCryption 3.0.1 or later http://www.jcryption.org/
  - ASP.NET 4.0 or later
- - ( ASP.NET WebPages 2.0 or later )
+ - ASP.NET WebPages 2.0 or later (option)
+ - ASP.NET MVC 4 or later (option)
 
 Installation
 ---
-
- - App_Code/jCryption.cs
- - Scripts/jquery.jcryption.3.1.0.js
+ASP.NET or ASP.NET WebPages
+ - App_Code/jCryption.cs (ASP.NET and WebPages)
+ - Scripts/jquery.jcryption.3.1.0.js ( or mod version )
+
+ASP.NET MVC 4 or later
+ - Filters/jCryption.cs [compile]
+ - Filters/jCryption.Mvc.cs [compile]
+ - Scripts/jquery.jcryption.3.1.0.mod.js
 
 
 Integration Examples
 ---
 
 
-###ASPX
+##ASPX
 Make ASPX page inherit jCryption.SecurePage. SecurePage handles the negotiations with jCryption client javascript library. Javascript initialization should be placed so that 'getKeysURL' and 'handshakeURL' can access the Page.
 
 ```aspx
@@ -95,9 +75,37 @@ Make ASPX page inherit jCryption.SecurePage. SecurePage handles the negotiations
 	</head>
 ......
 
+```
+##ASP.NET MVC
+Place both `jCryption.cs` and `jCryption.Mvc.cs`  to be compiled in the project. They can be placed in any folder. Handshake and decryption are processed through jCryptionHandlerAttribute.
+
+ - Decorate action methods that are potentially responsible to handle jCryption handshake and decryption with `[jCryptionHandler]` . The following example shows 2 Login methods must have `[jCryptionHandler]` attribute.
+
+```cs
+// GET: /Account/Login
+[AllowAnonymous]
+[jCryptionHandler]
+public ActionResult Login(string returnUrl)
+{ . . . }
+
+// POST: /Account/Login
+[HttpPost]
+[AllowAnonymous]
+[jCryptionHandler]
+[ValidateAntiForgeryToken(Order=0)] // to make sure this action comes after jCryptionHandler
+public ActionResult Login(LoginModel model, string returnUrl)
+{ ... }
+```
+
+ - Include client side script in the form page.
+```cs
+@jCryption.RenderScriptFor("form",src:"/Scripts/jquery.jcryption.3.1.0.mod.js")
 ```
 
-###CSHTML
+*mod version (jquery.jcryption.3.1.0.mod.js) is recommended to use with MVC, for some difficulties of SessionSate at simultaneous requests.*
+
+
+###ASP.NET WebPages (cshtml)
  1. declare namespace access to 'jCryption' on the top of page.```@using jCryption```
  2. call ```jCryption.HandleRequest(Request)``` on the top of page to handle all background negotiations.
  3. include all depending scripts ( jQuery )
@@ -119,19 +127,17 @@ Make ASPX page inherit jCryption.SecurePage. SecurePage handles the negotiations
 <html>
 <head>
     <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
-    @jCryption.RenderScriptFor("#normal", src: "Scripts/jquery.jcryption.3.1.0.js")
+    @jCryption.RenderScriptFor("#form", src: "/Scripts/jquery.jcryption.3.1.0.js")
 </head>
 ......
-<form id="normal">
+<form id="form">
 .....
 </form>
 ......
 
 ```
 
-
-
-###CSHTML page with secure initial form data loading
+###Secure initial form data loading with cshtml page
 jCryption provides a way to encrypt client to server data transfer but it does not protect form values that are initially rendered by server in a HTML form like ```<input name='Name' value='Smith' />```
 
 This library provides some more methods to protect server to client transfered form data. 
@@ -140,22 +146,53 @@ This library provides some more methods to protect server to client transfered f
 
 is used to decorate name and value attributes in ```<input>```.
 
-```<input type='text' @jCryption.SecureNameValue("Name", "Smith") />```
+```html
+<input type='text' @jCryption.SecureNameValue("Name", "Smith") />
+```
 
 ####@jCryption.SecureNameValueCheck( String name, String value, bool check )
 is used for checkbox and radio type input element.
 
+```html
+<input type='checkbox' @jCryption.SecureNameValueCheck("Animal", "Dog", true ) />
+<input type='checkbox' @jCryption.SecureNameValueCheck("Animal", "Cat", false ) />
 ```
-    <input type='checkbox' @jCryption.SecureNameValueCheck("Animal", "Dog", true ) />
-    <input type='checkbox' @jCryption.SecureNameValueCheck("Animal", "Cat", false ) />
-```
-
-####@jCryption.RenderLoadFormData() [deleted]
 
+####[email protected]() [deleted]~~
 ####@jCryption.LoadSecureContents()
-must be placed after all SecureNameValue* funtion calls.
+must be placed after all **SecureNameValue** function calls.
 This renders a javascript block with encrypted form values, which are to be decrypted through server-client negotiation. Form elements are filled in javascript calls.
 
+Version
+----
+#####1.3.3
+ - added MVC support
+
+#####1.3.2 update
+ - updated jcryption.3.1.0.mod.js and examples
+
+#####1.3.2
+ - fix RenderScriptFor src, script parameter handling
+
+#####1.3.1
+ - fix for Unvalidated Form problem
+ - add script parameter for RenderScript
+
+#####1.3
+ - Refactor of CSHTML helper functions
+
+#####1.2
+ - Encrypted HTML content rendering support (CSHTML)
+
+#####1.1
+ - jCryption version 3.1.0
+ - secure form data loading ( on CSHTML )
+
+#####1.0.1
+ - now works with jquery.validate
+
+#####1.0
+
 License
 ----
 Same as original jCryption,

Scripts/jquery.jcryption.3.1.0.mod.js

@@ -9,7 +9,7 @@
 * If you need any further information about this plugin please
 * visit my homepage or contact me under [email protected]
 *
-* .mod. version with some tweaks added by [email protected]
+* .mod. version has some tweaks added by [email protected]
 *  - allows form re-posting by pressing F5 or browser refresh ( posting AES key together with form data )
 *  - share AES key amoung multiple forms on the same page
 *  - handles form's submit event ( not click event ) by default

Web.config

@@ -4,23 +4,9 @@
     <add key="webPages:Version" value="2.0"/>
   </appSettings>
   <system.web>
-    <compilation debug="true" targetFramework="4.0">
-      <assemblies>
-        <add assembly="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
-        <add assembly="System.Web.Razor, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
-        <add assembly="System.Web.Helpers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
-        <add assembly="System.Web.WebPages, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
-        <add assembly="System.Web.WebPages.Razor, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
-        <add assembly="System.Web.Mvc, Version=4.0.0.1, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
-      </assemblies>
-    </compilation>
+    <compilation debug="true" targetFramework="4.0"/>
   </system.web>
   <runtime>
-    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35"/>
-        <bindingRedirect oldVersion="4.0.0.0-4.0.0.1" newVersion="4.0.0.1"/>
-      </dependentAssembly>
-    </assemblyBinding>
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"/>
   </runtime>
 </configuration>