混淆动态数据中创建的网址的最佳方法是什么?
例如\ Products \ List.aspx?ProductId = 2可能成为
\ Products \ List.aspx?x = UHJvZHVjdElkPTI =
其中“ProductId = 2”是基础64编码,以防止随意窥探
\产品\ List.aspx?产品编号= 3
\产品\ List.aspx?产品编号= 4
等...
我可能必须继承现有对象并覆盖某些功能 问题是哪个对象和什么功能
Metamodel对象的GetActionPath看起来很有趣, 但是DynamicRoute“{table} / {Action} .aspx”如何在其中发挥作用......
现在,在Asp.net 1.1网站上,我使用以下代码的自定义实现。 http://www.mvps.org/emorcillo/en/code/aspnet/qse.shtml HTTPModule使用正则表达式重写所有的查询字符串,并且使用反射更改Querystring集合中的解码值。
那么影响变化的钩子在哪里。
答案 0 :(得分:2)
我找到了解决方案
通过建议,我实现了一个继承自DynamicDataRoute的Route。
重写的方法是GetVirtualPath和GetRouteData。
这是global.asax页面
routes.Add(New EncodedDynamicDataRoute("{table}/{action}.aspx") With { _
.Defaults = New RouteValueDictionary(New With {.Action = PageAction.List}), _
.Constraints = New RouteValueDictionary(New With {.Action "List|Details|Edit|Insert"}), _
.Model = model})
这是Encoded DynamicDataRoute。
Imports System.Web.DynamicData
Imports System.Web.Routing
''' <summary>
''' The purpose of this class to base 64 encode the querystring parameters.
''' It converts the keys to base64 encoded and back.
''' </summary>
Public Class EncodedDynamicDataRoute
Inherits DynamicDataRoute
Public Sub New(ByVal url As String)
MyBase.New(url)
End Sub
Public Overloads Overrides Function GetRouteData(ByVal httpContext As HttpContextBase) As RouteData
Dim routeData As RouteData = MyBase.GetRouteData(httpContext)
If Not (routeData Is Nothing) Then
DecodeRouteValues(routeData.Values)
End If
Return routeData
End Function
Private Sub EncodeRouteValues(ByVal routeValues As RouteValueDictionary)
Dim tableName As Object
If Not routeValues.TryGetValue("table", tableName) Then
Return
End If
Dim table As MetaTable
If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
Return
End If
Dim strOutput As New StringBuilder
Dim val As Object
For Each column As MetaColumn In table.PrimaryKeyColumns
If routeValues.TryGetValue(column.Name, val) Then
strOutput.Append(column.Name & Chr(254) & val & Chr(255))
routeValues.Remove(column.Name)
End If
Next
Dim out As String = (Convert.ToBase64String(Encoding.ASCII.GetBytes(strOutput.ToString)))
If routeValues.ContainsKey("x") Then
routeValues.Item("x") = out
Else
routeValues.Add("x", out)
End If
End Sub
Public Overloads Overrides Function GetVirtualPath(ByVal requestContext As RequestContext, ByVal values As RouteValueDictionary) As VirtualPathData
EncodeRouteValues(values)
Return MyBase.GetVirtualPath(requestContext, values)
End Function
Private Sub DecodeRouteValues(ByVal routeValues As RouteValueDictionary)
Dim tableName As Object
If Not routeValues.TryGetValue("table", tableName) Then
Return
End If
Dim table As MetaTable
If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
Return
End If
Dim enc As New System.Text.ASCIIEncoding()
Dim val As Object
If routeValues.TryGetValue("x", val) AndAlso val <> "AAA" Then
Dim strString As String = enc.GetString(Convert.FromBase64String((val)))
Dim nameValuePairs As String() = strString.Split(Chr(255))
Dim col As MetaColumn
For Each str11 In nameValuePairs
Dim vals() As String = str11.Split(Chr(254))
If table.TryGetColumn(vals(0), col) Then
routeValues.Add(val(0), col)
End If
Next
End If
End Sub
End Class
答案 1 :(得分:1)
我是这样做的:
我在模块中创建了4个函数:
public static string EncryptInt(int val)
public static int DecryptInt(string val)
public static string DecryptStr(string str)
public static string EncryptStr(string source)
当我想创建一个网址时,我做了类似的事情:
string.Format(@"\path\file.aspx?ID={0}&name={1}",encrypt.EncryptInt(inID),encrypt.EncriptStr(inName));
当我想得到结果时,我会在检索到的param上调用Decrypt函数。
我使用了两种类型,因为它为系统添加了一个类型安全级别,但你可以只使用一个字符串,然后根据需要调用int.Parse()。
这会回答你的问题吗?
对于微软的动态数据我相信可以在模板页面背后的代码中找到钩子。