如何从查询字符串篡改保护？ [英] How to protect from tampering of query string?

问题描述

斐伊川，

我有一个查询字符串的http：//project/page1.aspx用户ID = 5。该操作将不被执行，如果'用户ID'参数手动更改。它是如何可能？

I have a query string like "http://project/page1.aspx?userID=5". The operation won't be performed, if the 'userID' parameter changed manually. How it is possible?

推荐答案

斐伊川一切，感谢您的帮助...我得到了一些不同的排序从其他一些网站的解决方案。我不知道，最好的解决办法。即使用加密和解密算法是EN code值...样本code已被写成这样...

Hii all, thank you for your assistance... and i got some difference sort of solution from some other sites. i don't know that the best solution. that is to encode the value using an encryption and decryption algorithm... The sample code has been written like this...

<a href='Page1.aspx?UserID=<%= HttpUtility.UrlEncode(TamperProofStringEncode("5","F44fggjj")) %>'>
        Click Here</a> <!--Created one anchor tag and call the function for TamperProofStringEncode-->

---

    
 private string TamperProofStringEncode(string value, string key)
 {
            System.Security.Cryptography.MACTripleDES mac3des = new    System.Security.Cryptography.MACTripleDES();
            System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
            mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));
            return Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(value)) + "-" + Convert.ToBase64String(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(value)));
        }

---

在第1页的页面加载致电德code算法脱code中的查询字符串

---

In the page load of 'Page1' call the decode algorithm to decode the query string

try
        {
            string DataString = TamperProofStringDecode(Request.QueryString["UserID"], "F44fggjj");
            Response.Write(DataString);
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }

---

private string TamperProofStringDecode(string value, string key)
    {
        string dataValue = "";
        string calcHash = "";
        string storedHash = "";

        System.Security.Cryptography.MACTripleDES mac3des = new System.Security.Cryptography.MACTripleDES();
        System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
        mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));

        try
        {
            dataValue = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(value.Split('-')[0]));
            storedHash = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(value.Split('-')[1]));
            calcHash = System.Text.Encoding.UTF8.GetString(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(dataValue)));

            if (storedHash != calcHash)
            {
                //'Data was corrupted
                throw new ArgumentException("Hash value does not match");
                //  'This error is immediately caught below

            }
        }
        catch (Exception ex)
        {
            throw new ArgumentException("Invalid TamperProofString");
        }

        return dataValue;

    } 

这篇关于如何从查询字符串篡改保护？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！