是否有可能与一个HttpModule删除一些发布数据？ [英] Is it possible to remove some post data with an HttpModule?

问题描述

我转换一个古老的传统的ASP网站asp.net。

I'm converting an old classic asp website to asp.net.

中的应用是基本上为一组给定的用户设定的工具的延伸，但它是在外部供应商托管。

The application is basically an extension of a tool set for a given set of users but it is hosted at an external vendor.

要进行无缝转换到该应用中它的帖子被解雇掉有潜在危险的Request.Form值的一些XML数据。我知道我可以关掉validateRequest国旗，但我宁愿不这么做。

To perform a seamless transfer to this application it POSTS some xml data which is firing off the "potentially dangerous Request.Form value". I know I could turn off the validateRequest flag but I would rather not do this.

我已经写了一个HttpModule这需要这些数据，并用它来验证用户，是否有可能使用相同的模块，或者为此事不同的模块，在之前的帖子数据删除这些坏的价值数据验证？

I have written an httpmodule which takes this data and uses it to authenticate the user, is it possible to use the same module, or a different module for that matter, to remove these "bad" values in the post data before that data is "validated"?

否则，如果没有这些工作思路，我愿意接受其他建议。

Otherwise if none of these ideas work, I am open to other suggestions.

推荐答案

是的。下面的类实现IHttpModule接口和寄存器和事件发生的Htt prequestValidationException检查之前，将闪光。它检查请求是POST，而且testinput不为空，然后HTML恩codeS吧。需要在类你的web.config注册为一个HttpModule。

Yes. The following class implements the IHttpModule Interface and registers and event that will fire before the HttpRequestValidationException check occurs. It checks that the request is a POST and that "testinput" is not null and then HTML Encodes it. The Class needs to be registered in your Web.config as an httpModule.

类...

using System;
using System.Collections.Specialized;
using System.Reflection;
using System.Web;

public class PrevalidationSanitizer : System.Web.IHttpModule
{
    private HttpApplication httpApp;

    public void Init(HttpApplication httpApp)
    {
        this.httpApp = httpApp;
        httpApp.PreRequestHandlerExecute += new System.EventHandler(PreRequestHandlerExecute_Event);
    }

    public void Dispose() { }

    public void PreRequestHandlerExecute_Event(object sender, System.EventArgs args)
    {
        NameValueCollection form = httpApp.Request.Form;

        Type type = form.GetType();

        PropertyInfo prop = type.GetProperty("IsReadOnly", BindingFlags.Instance 
            | BindingFlags.IgnoreCase | BindingFlags.NonPublic | BindingFlags.FlattenHierarchy);

        prop.SetValue(form, false, null);

        if (httpApp.Request.RequestType == "POST" != null 
            && httpApp.Request.Form["testinput"])
                httpApp.Request.Form.Set("testinput"
                    , httpApp.Server.HtmlEncode(httpApp.Request.Form["testinput"]));
    }
}

web.config中的条目...

web.config entry...

<system.web>
  <httpModules>
    <add type="PrevalidationSanitizer" name="PrevalidationSanitizer" />
...

这篇关于是否有可能与一个HttpModule删除一些发布数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！