-
23-09-2019 - |
题
什么是混淆在动态数据创建的网址的最佳方法?
例如\产品\ List.aspx?产品编号= 2可能成为
\产品\ List.aspx X = UHJvZHVjdElkPTI =
其中,“产品编号= 2”是编码以防止偶然窃取底座64
\产品\ List.aspx?产品编号= 3
\产品\ List.aspx?产品编号= 4
等...
我可能要继承从现有对象,并覆盖某些功能 现在的问题是,其目的和什么功能
的元模型对象的GetActionPath似乎有趣, 但如何DynamicRoute“{表} / {}行动.ASPX”中发挥了进去......
目前在Asp.net 1.1网站,我使用下面的代码的自定义实现。 http://www.mvps.org/emorcillo/en/code/ ASPNET / qse.shtml 这是HTTP模块,它使用正则表达式重写所有查询字符串,并与反射与解码值改变查询字符串集合。
那么,是钩影响的变化。
解决方案
我已经找到了解决方案
使用建议,我已经实现路由从DynamicDataRoute继承。
重写为GetVirtualPath和GetRouteData的方法。
下面是在Global.asax页
routes.Add(New EncodedDynamicDataRoute("{table}/{action}.aspx") With { _
.Defaults = New RouteValueDictionary(New With {.Action = PageAction.List}), _
.Constraints = New RouteValueDictionary(New With {.Action "List|Details|Edit|Insert"}), _
.Model = model})
下面是编码的DynamicDataRoute。
Imports System.Web.DynamicData
Imports System.Web.Routing
''' <summary>
''' The purpose of this class to base 64 encode the querystring parameters.
''' It converts the keys to base64 encoded and back.
''' </summary>
Public Class EncodedDynamicDataRoute
Inherits DynamicDataRoute
Public Sub New(ByVal url As String)
MyBase.New(url)
End Sub
Public Overloads Overrides Function GetRouteData(ByVal httpContext As HttpContextBase) As RouteData
Dim routeData As RouteData = MyBase.GetRouteData(httpContext)
If Not (routeData Is Nothing) Then
DecodeRouteValues(routeData.Values)
End If
Return routeData
End Function
Private Sub EncodeRouteValues(ByVal routeValues As RouteValueDictionary)
Dim tableName As Object
If Not routeValues.TryGetValue("table", tableName) Then
Return
End If
Dim table As MetaTable
If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
Return
End If
Dim strOutput As New StringBuilder
Dim val As Object
For Each column As MetaColumn In table.PrimaryKeyColumns
If routeValues.TryGetValue(column.Name, val) Then
strOutput.Append(column.Name & Chr(254) & val & Chr(255))
routeValues.Remove(column.Name)
End If
Next
Dim out As String = (Convert.ToBase64String(Encoding.ASCII.GetBytes(strOutput.ToString)))
If routeValues.ContainsKey("x") Then
routeValues.Item("x") = out
Else
routeValues.Add("x", out)
End If
End Sub
Public Overloads Overrides Function GetVirtualPath(ByVal requestContext As RequestContext, ByVal values As RouteValueDictionary) As VirtualPathData
EncodeRouteValues(values)
Return MyBase.GetVirtualPath(requestContext, values)
End Function
Private Sub DecodeRouteValues(ByVal routeValues As RouteValueDictionary)
Dim tableName As Object
If Not routeValues.TryGetValue("table", tableName) Then
Return
End If
Dim table As MetaTable
If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
Return
End If
Dim enc As New System.Text.ASCIIEncoding()
Dim val As Object
If routeValues.TryGetValue("x", val) AndAlso val <> "AAA" Then
Dim strString As String = enc.GetString(Convert.FromBase64String((val)))
Dim nameValuePairs As String() = strString.Split(Chr(255))
Dim col As MetaColumn
For Each str11 In nameValuePairs
Dim vals() As String = str11.Split(Chr(254))
If table.TryGetColumn(vals(0), col) Then
routeValues.Add(val(0), col)
End If
Next
End If
End Sub
End Class
其他提示
下面是我做的:
我创建4个功能的模块中:
public static string EncryptInt(int val)
public static int DecryptInt(string val)
public static string DecryptStr(string str)
public static string EncryptStr(string source)
当我想创建一个URL我做了这样的事情:
string.Format(@"\path\file.aspx?ID={0}&name={1}",encrypt.EncryptInt(inID),encrypt.EncriptStr(inName));
当我想要得到的结果我想呼吁检索PARAM解密函数。
我用了两个类型,因为它增加了类型安全系统的水平,但你可以只使用一个用绳子,然后调用int.Parse()作为必要的。
这是否回答你的问题?
有关微软的动态数据,我相信钩子将在后面的模板页面代码中发现的。
不隶属于 StackOverflow