I have the following model:
[Key]
public Guid SessionId { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
public string Address { get; set; }
public string Address2 { get; set; }
public string PostalCode { get; set; }
public string City { get; set; }
public string State { get; set; }
public string Country { get; set; }
public string PhoneNumber { get; set; }
public string Email { get; set; }
public int Guests { get; set; }
public DateTime CheckInDate { get; set; }
public DateTime CheckOutDate { get; set; }
public Status BookingStatus { get; set; }
public string Notes { get; set; }
public DateTime CreatedDate { get; set; }
I will be creating DTO’s from this model but i will still need the SessionId
property to be included in some of those DTO’s.
My question is how do I check the state of the SessionId
property to make sure that no one has tried to tamper with it?
My worry is that someone could interrupt the post request and try to modify the SessionId
specifically and mess around with the update to the database.
Ideally I would like to check if the SessionId
property has been modified and abort the update entirely.
If you have an endpoint that receives a dto then that’s all you know in the endpoint. If you really want to be sure they post the Id they received then you could consider adding a checksum to the dto. But how likely is it that a Guid can be tampered with successfully?