ASP.NET MVC 3路由可能存在错误?

时间:2012-02-01 01:58:46

标签: asp.net asp.net-mvc asp.net-mvc-3 asp.net-mvc-routing

通常情况下,我不会在问题中加上这样的标题,但我很确定这是一个错误(或设计?)

我创建了一个全新的ASP.NET MVC 3 Web应用程序。

然后我去了/ Home / About页面。

此页面的网址为:

http://localhost:51419/Home/About

然后我将网址更改为:

http://localhost:51419/(A(a))/Home/About

页面有效吗?查看路线值,controller = Home,Action = About。它忽略了第一部分?

如果我查看来源中的所有链接:

<link href="/(A(a))/Content/Site.css" rel="stylesheet" type="text/css" />
<script src="/(A(a))/Scripts/jquery-1.5.1.min.js" type="text/javascript"></script>
<script src="/(A(a))/Scripts/modernizr-1.7.min.js" type="text/javascript"></script>

<li><a href="/(A(a))/">Home</a></li>
<li><a href="/(A(a))/Home/About">About</a></li>

看看第一部分是如何维护的?这就像路由引擎认为它是域的一部分还是什么?

我觉得这是一个正则表达式的事情,因为如果我将URL更改为:

http://localhost:51419/(a(a))/Home/About

(例如,将大写字母A改为小写字母)

404's。

有人可以对此有所了解吗?这是一个错误还是设计?

3 个答案:

答案 0 :(得分:5)

这似乎与ASP.NET管道中的无Cookie会话有关。它在处理请求时删除了CookielessHelper.cs(System.Web.Security)中的URL模式:

    // This function is called for all requests -- it must be performant.
    //    In the common case (i.e. value not present in the URI, it must not
    //    look at the headers collection
    internal void RemoveCookielessValuesFromPath() 
    {
        // See if the path contains "/(XXXXX)/" 
        string   path      = _Context.Request.ClientFilePath.VirtualPathString; 
        // Optimize for the common case where there is no cookie
        if (path.IndexOf('(') == -1) { 
            return;
        }
        int      endPos    = path.LastIndexOf(")/", StringComparison.Ordinal);
        int      startPos  = (endPos > 2 ?  path.LastIndexOf("/(", endPos - 1, endPos, StringComparison.Ordinal) : -1); 

        if (startPos < 0) // pattern not found: common case, exit immediately 
            return; 

        if (_Headers == null) // Header should always be processed first 
            GetCookielessValuesFromHeader();

        // if the path contains a cookie, remove it
        if (IsValidHeader(path, startPos + 2, endPos)) 
        {
            // only set _Headers if not already set 
            if (_Headers == null) { 
                _Headers = path.Substring(startPos + 2, endPos - startPos - 2);
            } 
            // Rewrite the path
            path = path.Substring(0, startPos) + path.Substring(endPos+1);

            // remove cookie from ClientFilePath 
            _Context.Request.ClientFilePath = VirtualPath.CreateAbsolute(path);
            // get and append query string to path if it exists 
            string rawUrl = _Context.Request.RawUrl; 
            int qsIndex = rawUrl.IndexOf('?');
            if (qsIndex > -1) { 
                path = path + rawUrl.Substring(qsIndex);
            }
            // remove cookie from RawUrl
            _Context.Request.RawUrl = path; 

            if (!String.IsNullOrEmpty(_Headers)) { 
                _Context.Request.ValidateCookielessHeaderIfRequiredByConfig(_Headers); // ensure that the path doesn't contain invalid chars 
                _Context.Response.SetAppPathModifier("(" + _Headers + ")");

                // For Cassini and scenarios where aspnet_filter.dll is not used,
                // HttpRequest.FilePath also needs to have the cookie removed.
                string filePath = _Context.Request.FilePath;
                string newFilePath = _Context.Response.RemoveAppPathModifier(filePath); 
                if (!Object.ReferenceEquals(filePath, newFilePath)) {
                    _Context.RewritePath(VirtualPath.CreateAbsolute(newFilePath), 
                                         _Context.Request.PathInfoObject, 
                                         null /*newQueryString*/,
                                         false /*setClientFilePath*/); 
                }
            }
        }
    }

您的模式符合以下条件:

    ///////////////////////////////////////////////////////////////////////
    /////////////////////////////////////////////////////////////////////// 
    // Make sure sub-string if of the pattern: A(XXXX)N(XXXXX)P(XXXXX) and so on. 
    static private bool IsValidHeader(string path, int startPos, int endPos)
    { 
        if (endPos - startPos < 3) // Minimum len is "X()"
            return false;

        while (startPos <= endPos - 3) { // Each iteration deals with one "A(XXXX)" pattern 

            if (path[startPos] < 'A' || path[startPos] > 'Z') // Make sure pattern starts with a capital letter 
                return false; 

            if (path[startPos + 1] != '(') // Make sure next char is '(' 
                return false;

            startPos += 2;
            bool found = false; 
            for (; startPos < endPos; startPos++) { // Find the ending ')'

                if (path[startPos] == ')') { // found it! 
                    startPos++; // Set position for the next pattern
                    found = true; 
                    break; // Break out of this for-loop.
                }

                if (path[startPos] == '/') { // Can't contain path separaters 
                    return false;
                } 
            } 
            if (!found)  {
                return false; // Ending ')' not found! 
            }
        }

        if (startPos < endPos) // All chars consumed? 
            return false;

        return true; 
    }

答案 1 :(得分:0)

您可能想尝试在路由映射中添加IgnoreRoute - 但我承认我不确定提供哪种格式来匹配所有可能的无Cookie路径。

答案 2 :(得分:-1)

我同意@pjumble分析,但不同意他的解决方案 禁用表单身份验证或匿名身份验证的无Cookie身份验证。

这将阻止禁用Cookie的用户进行身份验证。但无论如何谁都在乎,现在每个人都会激活cookie,因为没有现代网站就可以使用。

添加web.config:

<anonymousIdentification enabled="false" />
<authentication mode="None" />


<anonymousIdentification enabled="true" cookieless="UseCookies" ... />
<authentication mode="Forms">
  <forms name="Auth" cookieless="UseCookies" ... />
</authentication>
相关问题
最新问题