ASP.NET中加密URL的问题。 [英] Problem in Encryption of URL in ASP.NET.
本文介绍了ASP.NET中加密URL的问题。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Hi程序员,
我在我的ASP.NET应用程序中实现加密后遇到问题。 QueryStringModule.cs文件在我的应用程序中使用。
我在项目中包含该文件之前未出现的问题是当用户在TextArea(HTML控件)中键入文本时,查询字符串从该文本区域获取C#代码中的数据如下:
aspx页面中的
:
Hi Programmers,
I am facing a problem in my ASP.NET application after I implemented encryption in it. The QueryStringModule.cs file is used in my application.
The problem, which was not coming before I included that file in my project is when a user types a text in TextArea (HTML Control), the querystring gets the data in C# code behind from that text area as following:
in aspx page:
<textarea rows="5" cols="50" name="comments"></textarea>
代码背后:
And in code behind:
public string comments;
new protected void Page_Load(object sender, EventArgs e)
{
comments = Request.QueryString.Get("comments");
}
但是,错误只发生在Internet Explorer中,因为加密后该文本框的文本值增加且IE确实不支持URL中超过2084个字符的长度。
文本框是用户友好的,没有输入字符限制。
有没有其他方法可以加密URL而不是以下代码。我希望通过加密的querystring传递更少的数据。
请帮助。
这是我在使用的加密/解密代码我的申请:
But, the error occurs only in Internet Explorer as the text value of that textbox after encryption increases and IE does not support the length of more than 2084 characters in URL.
The textbox is user friendly and has no limit of characters to input.
Is there any other way to encrypt the URL instead of the following code. I want to pass less data through querystring with encryption.
Please Help.
Here is the Encryption/Decryption Code which I am using in my Application:
#region Using
using System;
using System.IO;
using System.Web;
using System.Text;
using System.Security.Cryptography;
#endregion
/// <summary>
/// Summary description for QueryStringModule
/// </summary>
public class QueryStringModule : IHttpModule
{
#region IHttpModule Members
public void Dispose()
{
// Nothing to dispose
}
public void Init(HttpApplication context)
{
context.BeginRequest += new EventHandler(context_BeginRequest);
}
#endregion
private const string PARAMETER_NAME = "enc=";
private const string ENCRYPTION_KEY = "key";
void context_BeginRequest(object sender, EventArgs e)
{
HttpContext context = HttpContext.Current;
if (context.Request.Url.OriginalString.Contains("aspx") && context.Request.RawUrl.Contains("?"))
{
string query = ExtractQuery(context.Request.RawUrl);
string path = GetVirtualPath();
if (query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase))
{
//Decrypts the query string and rewrites the path.
string rawQuery = query.Replace(PARAMETER_NAME, string.Empty);
string decryptedQuery = Decrypt(rawQuery);
context.RewritePath(path, string.Empty, decryptedQuery);
}
else if (context.Request.HttpMethod == "GET")
{
// Encrypt the query string and redirects to the encrypted URL.
// Remove if you don't want all query strings to be encrypted automatically.
string encryptedQuery = Encrypt(query);
context.Response.Redirect(path + encryptedQuery);
}
}
}
/// <summary>
/// Parses the current URL and extracts the virtual path without query string.
/// </summary>
/// <returns>The virtual path of the current URL.</returns>
private static string GetVirtualPath()
{
string path = HttpContext.Current.Request.RawUrl;
path = path.Substring(0, path.IndexOf("?"));
path = path.Substring(path.LastIndexOf("/") + 1);
return path;
}
/// <summary>
/// Parses a URL and returns the query string.
/// </summary>
/// <param name="url">The URL to parse.</param>
/// <returns>The query string without the question mark.</returns>
private static string ExtractQuery(string url)
{
int index = url.IndexOf("?") + 1;
return url.Substring(index);
}
#region Encryption/decryption
/// <summary>
/// The salt value used to strengthen the encryption.
/// </summary>
private readonly static byte[] SALT = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString());
/// <summary>
/// Encrypts any string using the Rijndael algorithm.
/// </summary>
/// <param name="inputText">The string to encrypt.</param>
/// <returns>A Base64 encrypted string.</returns>
public static string Encrypt(string inputText)
{
RijndaelManaged rijndaelCipher = new RijndaelManaged();
byte[] plainText = Encoding.Unicode.GetBytes(inputText);
PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);
using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16)))
{
using (MemoryStream memoryStream = new MemoryStream())
{
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(plainText, 0, plainText.Length);
cryptoStream.FlushFinalBlock();
return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray());
}
}
}
}
/// <summary>
/// Decrypts a previously encrypted string.
/// </summary>
/// <param name="inputText">The encrypted string to decrypt.</param>
/// <returns>A decrypted string.</returns>
public static string Decrypt(string inputText)
{
RijndaelManaged rijndaelCipher = new RijndaelManaged();
byte[] encryptedData = Convert.FromBase64String(inputText);
PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);
using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
{
using (MemoryStream memoryStream = new MemoryStream(encryptedData))
{
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
byte[] plainText = new byte[encryptedData.Length];
int decryptedCount = cryptoStream.Read(plainText, 0, plainText.Length);
return Encoding.Unicode.GetString(plainText, 0, decryptedCount);
}
}
}
}
#endregion
}
推荐答案
HTTP标准对URL长度没有限制( http://www.faqs.org/rfcs/rfc2616.html [ ^ ] - 第3.2.1节),而不是大多数现代浏览器...
但IE确实限制了它 - http://support.microsoft.com/kb/q208427 [ ^ ]。
这里有一些关于不同应用程序中URL长度的数字 - http://www.boutell.com/newfaq/misc/urllength.html [ ^ ]。
所以你在IE的情况下无法克服它,在某些情况下(非常大的文本)其他浏览器也可能会失败...
---
OT。如果您的代码不仅仅是代码学习,我几乎看不出它有什么用处。您尝试使用该HTTP模块解决了什么问题?
您可能需要重新考虑您的解决方案......
HTTP standard has no limit on URL length (http://www.faqs.org/rfcs/rfc2616.html[^] - section 3.2.1), not most of modern browsers...
However IE does limit it - http://support.microsoft.com/kb/q208427[^].
Here some numbers about URL length in different applications - http://www.boutell.com/newfaq/misc/urllength.html[^].
So you can't overcome it in case of IE and in some cases (very large text) other browsers may also fail...
---
OT. If your code not only a code-for-learning I hardly can see what it good for. What problem you try to solve with that HTTP module?
You may have to rethink your solution...
这篇关于ASP.NET中加密URL的问题。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
