如何拦截和pre-过程Asp.Net查询字符串 [英] How to intercept and pre-process QueryStrings in Asp.Net

问题描述

我们通过电子邮件发送的网址注册的客户。有些电子邮件客户端都打开网址进入

We send out registration urls to clients via email. Some of the email clients are turning the url into

url <url>

我想这可能会发生，当用户将电子邮件转发到自己在这一点电子邮件客户端重新格式的原始电子邮件（也许）

I think it may be happening when users forward the email onto themselves at which point the email client re-formats the original email (maybe)

例如

https://my.app.com/login.aspx?param=var

变为

的https://my.app.com/login.aspx?param=var%20%3Chttps://my.app.com/login.aspx?param=var%3E

：检测到有潜在危险的Request.QueryString值

Which rightly produces System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected

凡在code，我应该拦截这些实例和santize的网址，使用户被重定向到URL的原始形式？

Where in the code should I intercept these instances and santize the url so that the user is re-directed onto the original form of the url?

的Global.asax？
Page_Init？
HttpHandler的？
管道？

global.asax? Page_Init? HttpHandler? Pipeline?

推荐答案

您可以在全球的Application_BeginRequest或者在一个HttpModule同一事件抓住它。

You can catch it in Global Application_BeginRequest or in the same event in an HttpModule.

全球

using System;
using System.Web;

namespace MassageIncomingRequestUrl
{
    public class Global : HttpApplication
    {
        protected void Application_BeginRequest(object sender, EventArgs e)
        {
            var app = (HttpApplication) sender;
            string path = app.Context.Request.Url.PathAndQuery;
            int pos = path.IndexOf("%20%3C");
            if (pos > -1)
            {
                path = path.Substring(0, pos);
                app.Context.RewritePath(path);
            }
        }
    }
}

模块

using System;
using System.Web;

namespace MassageIncomingRequestUrl
{
    public class UrlMungeModule : IHttpModule
    {
        #region IHttpModule Members

        public void Init(HttpApplication context)
        {
            context.BeginRequest += BeginRequest;
        }

        public void Dispose()
        {
            //nop
        }

        #endregion

        private static void BeginRequest(object sender, EventArgs e)
        {
            var app = (HttpApplication)sender;
            string path = app.Context.Request.Url.PathAndQuery;
            int pos = path.IndexOf("%20%3C");
            if (pos>-1)
            {
                path = path.Substring(0,pos);
                app.Context.RewritePath(path);
            }

        }
    }
}

这会得到您的要求与请求正确的查询字符串处理，无论你在浏览器地址看看。您可以采取额外的步骤来删除该报告的网址垃圾但这主要是公正的美学。

This will get your request processed with the correct query string in the Request, regardless of what you see in the browser address. You may be able to take extra steps to remove the garbage from the reported url but that is mainly just aesthetics.

这篇关于如何拦截和pre-过程Asp.Net查询字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！