本文介绍了在ASP.NET MVC的URL加密一个id的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我试图连接code在URL加密ID。像这样的: http://www.calemadr.com/Membership/Welcome/9xCnCLIwzxzBuPEjqJFxC6XJdAZqQsIDqNrRUJoW6229IIeeL4eXl5n1cnYapg+N
但是,它要么不带code正确,我也得到了加密斜杠/或者我接受和IIS错误:请求筛选模块被配置为拒绝包含的请求双转义序列。
我试过不同的编码,每一个失败:
- HttpUtility.HtmlEn code
- HttpUtility.UrlEn code
- HttpUtility.UrlPathEn code
- HttpUtility.UrlEn $ C $铜镍code
更新
问题是我,当我加密一个GUID,并将其转换成一个base64字符串,它将包含不安全的URL字符。当然,当我试图浏览到包含不安全字符的URL IIS(7.5 / Windows 7中)将炸毁。 URL编码在IIS加密的字符串将提高和错误中的Base64(的请求筛选模块被配置为拒绝包含一个双转义序列的请求。的)。我不知道它是如何检测出双带codeD字符串,但是它没有。
在尝试上述方法EN code加密的字符串以base64后。我决定删除base64编码。然而,这留下加密后的文本作为一个byte []。我试图URL编码的字节[],它的重载悬挂在httpUtility.En code方法之一。同样,虽然它是URL连接codeD,IIS不喜欢它,并担任了的找不到网页。的
我身边穿过 HexEncoding /解码类。
运用十六进制编码为加密字节的伎俩。输出是URL安全的。在另一边,我还没有与解码和解密十六进制字符串的任何问题。
解决方案
我写了一个简短博客的关于这个题目,包括完整的源$ C $ C。
它使您能够加密和解密使用的是16字符键存储在查询字符串形式的数据:
using System.Collections.Specialized;
using System.Security;
using System.Text;
using System.Web;
using EncryptionMVC.Security.Encryption.Utility.Interfaces;
using EncryptionMVC.Security.Encryption.Utility;
namespace Security.Encryption.QueryString
{
///
/// Provides a secure means for transfering data within a query string.
///
public class SecureQueryString : NameValueCollection
{
private string timeStampKey = '__TS__';
private string dateFormat = 'G';
private IEncryptionUtility mEncryptionUtil;
private DateTime m_expireTime = DateTime.MaxValue;
///
/// Creates an instance with a specified key.
///
/// The key used for cryptographic functions, required 16 chars in length.
public SecureQueryString(string key) : base()
{
mEncryptionUtil = new EncryptionUtility(key);
}
///
/// Creates an instance with a specified key and an encrypted query string.
///
/// The key used for cryptographic functions, required 16 chars in length.
/// An encrypted query string generated by a instance.
public SecureQueryString(string key, string queryString) : this(key)
{
Deserialize(DecryptAndVerify(queryString));
CheckExpiration();
}
///
/// Returns a encrypted query string.
///
///
public override string ToString()
{
return EncryptAndSign(Serialize());
}
private void Deserialize(string queryString)
{
string[] nameValuePairs = queryString.Split('&');
for (int i = 0; i <= nameValuePairs.Length - 1; i++) {
string[] nameValue = nameValuePairs(i).Split('=');
if (nameValue.Length == 2) {
base.Add(nameValue(0), nameValue(1));
}
}
if (base.GetValues(timeStampKey) != null) {
string[] strExpireTime = base.GetValues(timeStampKey);
m_expireTime = Convert.ToDateTime(strExpireTime(0));
}
}
private string Serialize()
{
StringBuilder sb = new StringBuilder();
foreach (string key in base.AllKeys) {
sb.Append(key);
sb.Append('=');
sb.Append(base.GetValues(key)(0).ToString());
sb.Append('&');
}
sb.Append(timeStampKey);
sb.Append('=');
sb.Append(m_expireTime.ToString(dateFormat));
return sb.ToString();
}
private string DecryptAndVerify(string input)
{
return mEncryptionUtil.Decrypt(input);
}
private string EncryptAndSign(string input)
{
return mEncryptionUtil.Encrypt(input);
}
private void CheckExpiration()
{
if (DateTime.Compare(m_expireTime, DateTime.Now) < 0) {
throw new ExpiredQueryStringException();
}
}
///
/// Gets or sets the timestamp in which this string should expire
///
public DateTime ExpireTime {
get { return m_expireTime; }
set { m_expireTime = value; }
}
}
}
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Index(FormCollection collection)
{
SecureQueryString qs = new SecureQueryString(mKey);
qs('YourName') = collection('name');
qs.ExpireTime = DateTime.Now.AddMinutes(2);
Response.Redirect('Home.aspx/About?data=' + HttpUtility.UrlEncode(qs.ToString()));
}
public ActionResult About()
{
if (Request('data') != null) {
try {
SecureQueryString qs = new SecureQueryString(mKey, Request('data'));
ViewData('Message') = 'Your name is ' + qs('YourName');
}
catch (Exception ex) {
}
}
return View();
}
这篇关于在ASP.NET MVC的URL加密一个id的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!