是否有可能与一个HttpModule删除一些发布数据? [英] Is it possible to remove some post data with an HttpModule?
问题描述
我转换一个古老的传统的ASP网站asp.net。
I'm converting an old classic asp website to asp.net.
中的应用是基本上为一组给定的用户设定的工具的延伸,但它是在外部供应商托管。
The application is basically an extension of a tool set for a given set of users but it is hosted at an external vendor.
要进行无缝转换到该应用中它的帖子被解雇掉有潜在危险的Request.Form值的一些XML数据。我知道我可以关掉validateRequest国旗,但我宁愿不这么做。
To perform a seamless transfer to this application it POSTS some xml data which is firing off the "potentially dangerous Request.Form value". I know I could turn off the validateRequest flag but I would rather not do this.
我已经写了一个HttpModule这需要这些数据,并用它来验证用户,是否有可能使用相同的模块,或者为此事不同的模块,在之前的帖子数据删除这些坏的价值数据验证?
I have written an httpmodule which takes this data and uses it to authenticate the user, is it possible to use the same module, or a different module for that matter, to remove these "bad" values in the post data before that data is "validated"?
否则,如果没有这些工作思路,我愿意接受其他建议。
Otherwise if none of these ideas work, I am open to other suggestions.
推荐答案
是的。下面的类实现IHttpModule接口和寄存器和事件发生的Htt prequestValidationException检查之前,将闪光。它检查请求是POST,而且testinput不为空,然后HTML恩codeS吧。需要在类你的web.config注册为一个HttpModule。
Yes. The following class implements the IHttpModule Interface and registers and event that will fire before the HttpRequestValidationException check occurs. It checks that the request is a POST and that "testinput" is not null and then HTML Encodes it. The Class needs to be registered in your Web.config as an httpModule.
类...
using System;
using System.Collections.Specialized;
using System.Reflection;
using System.Web;
public class PrevalidationSanitizer : System.Web.IHttpModule
{
private HttpApplication httpApp;
public void Init(HttpApplication httpApp)
{
this.httpApp = httpApp;
httpApp.PreRequestHandlerExecute += new System.EventHandler(PreRequestHandlerExecute_Event);
}
public void Dispose() { }
public void PreRequestHandlerExecute_Event(object sender, System.EventArgs args)
{
NameValueCollection form = httpApp.Request.Form;
Type type = form.GetType();
PropertyInfo prop = type.GetProperty("IsReadOnly", BindingFlags.Instance
| BindingFlags.IgnoreCase | BindingFlags.NonPublic | BindingFlags.FlattenHierarchy);
prop.SetValue(form, false, null);
if (httpApp.Request.RequestType == "POST" != null
&& httpApp.Request.Form["testinput"])
httpApp.Request.Form.Set("testinput"
, httpApp.Server.HtmlEncode(httpApp.Request.Form["testinput"]));
}
}
web.config中的条目...
web.config entry...
<system.web>
<httpModules>
<add type="PrevalidationSanitizer" name="PrevalidationSanitizer" />
...
这篇关于是否有可能与一个HttpModule删除一些发布数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!