How to encrypt query string values passing from gridview in asp.net?

Problem description

I want to encrypt query string values passed from a grid view row hyperlink selection in ASP.NET in order to prevent SQL injection attacks. I am interested in doing that with the URL rewriting method or the encryption method. Which method is good to use? How do I do that?

Recommended answer

The following code converts "firstName=stephen&surname=oberauer" to "arg=x2lk1rkBmXvilYTzLpfm5E9tkYSzEZnSkl7se0hNP0HsXbD82OYfiA==" and back.

Here's a simple encryption / decryption class (make sure to use your own key)

using System;
using System.Security.Cryptography;
using System.Text;

public static class Crypt
{
    // Must be random: replace this sample value with your own 24-byte (192-bit) key
    private static readonly byte[] key = new byte[24] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4 };

    // Encrypts a UTF-8 string with 3DES and returns the ciphertext as base64
    public static string Encrypt(string input)
    {
        byte[] inputArray = UTF8Encoding.UTF8.GetBytes(input);
        TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider();
        tripleDES.Key = key;
        // ECB uses no IV, so the same input always produces the same output
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateEncryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        tripleDES.Clear();
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }

    // Reverses Encrypt: base64-decodes the input and decrypts it back to a UTF-8 string
    public static string Decrypt(string input)
    {
        byte[] inputArray = Convert.FromBase64String(input);
        TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider();
        tripleDES.Key = key;
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        tripleDES.Clear();
        return UTF8Encoding.UTF8.GetString(resultArray);
    }
}

Assuming you had a grid view which looked like this:

<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False">
    <Columns>
        <asp:HyperLinkField DataNavigateUrlFields="Url" DataTextField="Name" />
    </Columns>
</asp:GridView>

You could set your grid data like this:

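// Base64 output can contain '+', '/' and '=', so URL-encode it before putting it in the query string
var gridData = new[]
{
    new { Name = "Link 1", Url = "TargetPage.aspx?arg=" + HttpUtility.UrlEncode(Crypt.Encrypt("firstName=stephen&surname=oberauer")) },
    new { Name = "Link 2", Url = "TargetPage.aspx?arg=" + HttpUtility.UrlEncode(Crypt.Encrypt("firstName=joe&surname=smith")) }
};
GridView1.DataSource = gridData;
GridView1.DataBind();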

In your target page you could decode the encrypted query string like this:

var encryptedArgs = Request.QueryString["arg"];
var decryptedArgs = HttpUtility.ParseQueryString(Crypt.Decrypt(encryptedArgs));
FirstName.Text = decryptedArgs["firstName"];
Surname.Text = decryptedArgs["surname"];

In order to make sure that your query string was not tampered with, you can handle the FormatException raised by the Decrypt method and test to make sure that the arguments exist, in this case "firstName" and "surname".

URL rewriting is a separate issue, which you can use if you want to make your URL prettier. It doesn't really have much to do with making sure that nobody fiddles with the query string.
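
Tamper detection for the `arg` value can be made explicit with a MAC instead of being inferred from a failed decryption. The following is an added example, not code from the original answer: a hypothetical `QueryToken` class that encrypts with AES-CBC, authenticates IV plus ciphertext with HMAC-SHA256 (encrypt-then-MAC) and emits URL-safe base64; the class name and the demo keys are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added example; QueryToken is a hypothetical name. AES-CBC, then HMAC-SHA256 over IV + ciphertext.
public static class QueryToken
{
    // Constructed demo keys: load two independent random keys from protected configuration instead.
    private static readonly byte[] EncKey = Enumerable.Range(0, 32).Select(i => (byte)i).ToArray();
    private static readonly byte[] MacKey = Enumerable.Range(32, 32).Select(i => (byte)i).ToArray();

    public static string Protect(string plain)
    {
        using (var aes = Aes.Create())     // CBC + PKCS7 by default; aes.IV is random per instance
        using (var enc = aes.CreateEncryptor(EncKey, aes.IV))
        using (var hmac = new HMACSHA256(MacKey))
        {
            byte[] data = Encoding.UTF8.GetBytes(plain);
            byte[] body = aes.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
            byte[] token = body.Concat(hmac.ComputeHash(body)).ToArray();
            // URL-safe base64, so '+', '/' and '=' never reach the query string
            return Convert.ToBase64String(token).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }
    }

    // Returns null for a malformed or modified token; the MAC is checked before any decryption.
    public static string Unprotect(string token)
    {
        if (string.IsNullOrEmpty(token)) return null;
        string b64 = token.Replace('-', '+').Replace('_', '/');
        byte[] raw;
        try { raw = Convert.FromBase64String(b64.PadRight((b64.Length + 3) / 4 * 4, '=')); }
        catch (FormatException) { return null; }
        if (raw.Length < 64 || raw.Length % 16 != 0) return null;  // 16 IV + >=16 ciphertext + 32 tag
        byte[] body = raw.Take(raw.Length - 32).ToArray();
        int diff = 0;
        using (var hmac = new HMACSHA256(MacKey))
        {
            byte[] expected = hmac.ComputeHash(body);
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ raw[body.Length + i];  // constant time
        }
        if (diff != 0) return null;
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(EncKey, body.Take(16).ToArray()))
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
    }
}
```

Values recovered by `Unprotect` should still reach the database only as query parameters, since encrypting the query string does not replace parameterized SQL.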
