加扰动态数据的URLS

时间:2010-03-31 02:41:49

标签: asp.net encryption parameters asp.net-routing asp.net-dynamic-data

混淆动态数据中创建的网址的最佳方法是什么?

例如\ Products \ List.aspx?ProductId = 2可能成为

\ Products \ List.aspx?x = UHJvZHVjdElkPTI =

其中“ProductId = 2”是基础64编码,以防止随意窥探

\产品\ List.aspx?产品编号= 3

\产品\ List.aspx?产品编号= 4

等...

我可能必须继承现有对象并覆盖某些功能 问题是哪个对象和什么功能

Metamodel对象的GetActionPath看起来很有趣, 但是DynamicRoute“{table} / {Action} .aspx”如何在其中发挥作用......

现在,在Asp.net 1.1网站上,我使用以下代码的自定义实现。 http://www.mvps.org/emorcillo/en/code/aspnet/qse.shtml HTTPModule使用正则表达式重写所有的查询字符串,并且使用反射更改Querystring集合中的解码值。

那么影响变化的钩子在哪里。

2 个答案:

答案 0 :(得分:2)

我找到了解决方案

通过建议,我实现了一个继承自DynamicDataRoute的Route。

重写的方法是GetVirtualPath和GetRouteData。

这是global.asax页面

 routes.Add(New EncodedDynamicDataRoute("{table}/{action}.aspx") With { _
.Defaults = New RouteValueDictionary(New With {.Action = PageAction.List}), _
.Constraints = New RouteValueDictionary(New With {.Action  "List|Details|Edit|Insert"}), _
.Model = model})

这是Encoded DynamicDataRoute。

Imports System.Web.DynamicData
Imports System.Web.Routing
''' <summary>
''' The purpose of this class to base 64 encode the querystring parameters.
''' It converts the keys to base64 encoded and back.
''' </summary>
Public Class EncodedDynamicDataRoute
Inherits DynamicDataRoute
Public Sub New(ByVal url As String)
    MyBase.New(url)
End Sub

Public Overloads Overrides Function GetRouteData(ByVal httpContext As HttpContextBase) As RouteData
    Dim routeData As RouteData = MyBase.GetRouteData(httpContext)
    If Not (routeData Is Nothing) Then
        DecodeRouteValues(routeData.Values)
    End If
    Return routeData
End Function
Private Sub EncodeRouteValues(ByVal routeValues As RouteValueDictionary)
    Dim tableName As Object
    If Not routeValues.TryGetValue("table", tableName) Then
        Return
    End If
    Dim table As MetaTable
    If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
        Return
    End If
    Dim strOutput As New StringBuilder
    Dim val As Object
    For Each column As MetaColumn In table.PrimaryKeyColumns
        If routeValues.TryGetValue(column.Name, val) Then
            strOutput.Append(column.Name & Chr(254) & val & Chr(255))
            routeValues.Remove(column.Name)
        End If
    Next
    Dim out As String = (Convert.ToBase64String(Encoding.ASCII.GetBytes(strOutput.ToString)))
    If routeValues.ContainsKey("x") Then
        routeValues.Item("x") = out
    Else
        routeValues.Add("x", out)
    End If
End Sub
Public Overloads Overrides Function GetVirtualPath(ByVal requestContext As RequestContext, ByVal values As RouteValueDictionary) As VirtualPathData
    EncodeRouteValues(values)
    Return MyBase.GetVirtualPath(requestContext, values)
End Function
Private Sub DecodeRouteValues(ByVal routeValues As RouteValueDictionary)
    Dim tableName As Object
    If Not routeValues.TryGetValue("table", tableName) Then
        Return
    End If
    Dim table As MetaTable
    If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
        Return
    End If
    Dim enc As New System.Text.ASCIIEncoding()
    Dim val As Object
    If routeValues.TryGetValue("x", val) AndAlso val <> "AAA" Then
        Dim strString As String = enc.GetString(Convert.FromBase64String((val)))
        Dim nameValuePairs As String() = strString.Split(Chr(255))
        Dim col As MetaColumn
        For Each str11 In nameValuePairs
            Dim vals() As String = str11.Split(Chr(254))
            If table.TryGetColumn(vals(0), col) Then
                routeValues.Add(val(0), col)
            End If
        Next
    End If
   End Sub
  End Class

答案 1 :(得分:1)

我是这样做的:

我在模块中创建了4个函数:

public static string EncryptInt(int val)
public static int DecryptInt(string val)
public static string DecryptStr(string str)
public static string EncryptStr(string source)

当我想创建一个网址时,我做了类似的事情:

 string.Format(@"\path\file.aspx?ID={0}&name={1}",encrypt.EncryptInt(inID),encrypt.EncriptStr(inName)); 

当我想得到结果时,我会在检索到的param上调用Decrypt函数。

我使用了两种类型,因为它为系统添加了一个类型安全级别,但你可以只使用一个字符串,然后根据需要调用int.Parse()。

这会回答你的问题吗?

对于微软的动态数据我相信可以在模板页面背后的代码中找到钩子。