ASP.Net URL编码 [英] ASP.Net URL Encoding

问题描述

我实现URL在ASP.net重写和我的网址是造成我的问题，世界

I am implementing URL rewriting in ASP.net and my URLs are causing me a world of problems.

网址是来自部门和放大器的数据库生成的;类别。我希望员工能够将项目添加到与任何特殊字符都没有它打破了网站相应的数据库。

The URL is generated from a database of departments & categories. I want employees to be able to add items to the database with whatever special characters are appropriate without it breaking the site.

我是我构建的URL编码前数据。

I am encoding the data before I construct the URLs.

有几个问题...

1. IIS中的URL之前解码到达.NET使其无法正常一个/，在它解析什么。


2. ASP.net得到由URL建立〜糊涂的某些网页中无用


3. 我从内置的测试服务器到我的本地IIS服务器（XP机）和任何URL包含编码与放迁移; （26％），给了我一个错误的请求的错误。


4. 以UrlEncode叶不变，如一些重大的字符。

1. IIS decodes the URL before it reaches .net making it impossible to properly parse anything with a "/" in it.
2. ASP.net gets confused by the url making "~" useless within certain pages
3. I migrated from the built in test server to my local IIS server (XP machine) and any URL containing an encoded & (%26) gives me a "Bad Request" error.
4. UrlEncode leaves some breaking characters untouched such as '.'

我确实有另外两个关于这个问题相关的职位，当时我只看到了小问题不是大问题，逆流而上。我发现一些注册表技巧来解决错误的请求的问题，但我会被部署到一个共享的托管环境进行无用。我也知道，这是一些安全问题的解决办法，所以我不想必然绕过它不知道有什么可以蠕虫，我开。

I did have two other related posts on this subject, at the time I only saw the small problems not the big problem upstream. I've found some registry tricks to solve the "Bad Request" issue but I'm going to be deploying to a shared hosting environment making that useless. I also know that this is a fix for some security issue so I don't want to necessarily bypass it without knowing what can of worms I'm opening.

而不是试图迫使.NET传给我的原始URL，或覆盖IIS设置我想做出真正安全的URL摆在首位。

Rather than trying to force .net to pass me the raw url, or override IIS settings i'd like to make truly safe URLs in the first place.

我会注意到我已经试过AntiXss.URLEncode，HttpUtility.URLEncode，URI.EscapeDataString。我甚至试过愚蠢的事情如双URLEncodng。是否有一个工具，做我需要什么，或者我真的需要推出自己的。我甚至在考虑做一些哈克像字符的字符串，不寻常的更换％。最终的结果应至少可读这是使用URL首先重写的点。

I'll note i've tried AntiXss.URLEncode, HttpUtility.URLEncode, URI.EscapeDataString. I've even tried stupid things like double URLEncodng. Is there a utility that does what I need, or do i really need to roll my own. I'm even considering doing something Hacky like replacing the % with an unusual string of characters. The end result should be at least readable which was the point of using URL rewriting in the first place.

抱歉长后我只是想确保我已经包括了所有必要的细节。我似乎无法找到关于此的任何相关信息，而且好像这将是一个共同的问题 - 所以也许我失去了一些东西大。 ！感谢您的帮助和耐心，与长解释

Sorry for the long post- I just wanted to make sure that I've included all the necessary details. I can't seem to find any relevant information on this, and it seems like it would be a common problem - so maybe I'm missing something big. Thanks for your help, and patience with the long explanation!

---

编辑为清楚：

当我说的网址正在从数据库中我的意思是，目录结构是从我的数据库中的部门和类别contstructed建成。

When I say the urls are being built from a database what I mean is that the directory structure is contstructed from the departments and categories in my database.

的一些示例网址 -

Some Example URLS -

的MyStore /制冷/酒吧+ Fridge.aspx

的MyStore /烹饪+ Equipment.aspx

的MyStore /厨房/切割+ Boards.asxpx

Mystore/Refrigeration/Bar+Fridge.aspx
Mystore/Cooking+Equipment.aspx
Mystore/Kitchen/Cutting+Boards.asxpx

的问题进来时，我使用像一个部门饮料和放大器;酒吧或糕点/装饰来构建我的网址。尽管是第一次编码这些造成上述问题。

The problems come in when I use a department like "Beverage & Bar" or "Pastry/Decorating" to construct my URL. Despite being encoded first these cause the aforementioned issues.

我的处理程序已经实施和工作以外的特殊字符编码问题的罚款。

My handlers are already implemented and working fine except for the special character encoding issues.

推荐答案

您应该考虑关闭它针对每个类别的唯一的URL您的类别/部门表的表。然后你可以使用一个特殊的程序来生成的URL。这可以是一个SQL标量函数，或一个CLR功能，但事它会做一个是归为Web网址。您可以将饮料和放大器;酒吧到饮料，而酒吧和糕点/装饰到糕点装潢。主要是，常规需要用别的东西来代替所有无效HTTP URL字符。一个例子是这样的：

You should consider having a table off of your category/department table which has a unique URL for each category. Then you can use a special routine to generate the URLs. This can be a SQL scalar function, or a CLR function, but one of the things it would do is normalize the URL for the web. You can convert "Beverage & Bar" to "Beverage-And-Bar" and "Pastry / Decorating" to "Pastry-Decorating". Mainly, the routine needs to replace all invalid HTTP URL characters with something else. An example is this:

public static class URL
{
    static readonly Regex feet = new Regex(@"([0-9]\s?)'([^'])", RegexOptions.Compiled);
    static readonly Regex inch1 = new Regex(@"([0-9]\s?)''", RegexOptions.Compiled);
    static readonly Regex inch2 = new Regex(@"([0-9]\s?)""", RegexOptions.Compiled);
    static readonly Regex num = new Regex(@"#([0-9]+)", RegexOptions.Compiled);
    static readonly Regex dollar = new Regex(@"[$]([0-9]+)", RegexOptions.Compiled);
    static readonly Regex percent = new Regex(@"([0-9]+)%", RegexOptions.Compiled);
    static readonly Regex sep = new Regex(@"[\s_/\\+:.]", RegexOptions.Compiled);
    static readonly Regex empty = new Regex(@"[^-A-Za-z0-9]", RegexOptions.Compiled);
    static readonly Regex extra = new Regex(@"[-]+", RegexOptions.Compiled);

    public static string PrepareURL(string str)
    {
        str = str.Trim().ToLower();
        str = str.Replace("&", "and");

        str = feet.Replace(str, "$1-ft-");
        str = inch1.Replace(str, "$1-in-");
        str = inch2.Replace(str, "$1-in-");
        str = num.Replace(str, "num-$1");

        str = dollar.Replace(str, "$1-dollar-");
        str = percent.Replace(str, "$1-percent-");

        str = sep.Replace(str, "-");

        str = empty.Replace(str, string.Empty);
        str = extra.Replace(str, "-");

        str = str.Trim('-');
        return str;
    }
}

您能做出这样一个SQL增强功能，或运行URL生成作为单独的进程。然后执行映射，你会整个URL直接映射到一个类别ID。这种做法从长远来看，有以下几个原因好。首先，你是不是总是生成URL，你这样做一次，他们保持静态的，你不必担心你的程序变化，然后Googlebot不要能够找到旧网址。另外，如果你得到一个碰撞，您可能会注意到一个潜在的重复类别名称，因为冲突只会是通过特殊字符的不同。最后，您可以随时查看与数据库的网址，而不必运行映射函数。

You could make this a SQL enhance function, or run URL generation as a separate process. Then to implement mapping, you would map the entire URL directly to a category ID. This approach is better in the long run for several reasons. First, you are not always generating URLs, you do this once and they stay static, you don't have to worry about your procedure changing, and then GoogleBot not being able to find old URLs. Also, if you get a collision, you may notice a potential duplicate category name, because a collision would only be different by special characters. Finally, you can always view your URLs from the database, without having to run the mapping function.

这篇关于ASP.Net URL编码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！