Query string module encryption not working

Time: 2012-10-10 20:11:03

Tags: asp.net .net vb.net iis encryption

I added query string encryption to my project using the example provided here.

When I run the project locally, it works fine.

But when I publish it to my server, the encryption does not work at all. The application on the server runs on Windows Server 2008 R2 and IIS 7.

Maybe I have to change something in IIS? I have no clue. Anyone?

Thanks.

Edit: Here is the code of the QueryStringModule class:

Imports System
Imports System.IO
Imports System.Web
Imports System.Text
Imports System.Security.Cryptography


''' <summary>
''' Summary description for QueryStringModule
''' </summary>
Public Class QueryStringModule
    Implements IHttpModule

#Region "IHttpModule Members"

    Sub Init(context As HttpApplication) Implements System.Web.IHttpModule.Init
        AddHandler context.BeginRequest, AddressOf context_BeginRequest
    End Sub

    Sub Dispose() Implements System.Web.IHttpModule.Dispose
        ' Nothing to dispose
    End Sub

#End Region

    Private Const PARAMETER_NAME As String = "enc="
    Private Const ENCRYPTION_KEY As String = "key"

    Private Sub context_BeginRequest(sender As Object, e As EventArgs)
        Dim context As HttpContext = HttpContext.Current
        If context.Request.Url.OriginalString.Contains("aspx") AndAlso context.Request.RawUrl.Contains("?") Then
            Dim query As String = ExtractQuery(context.Request.RawUrl)
            Dim path As String = GetVirtualPath()

            If query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase) Then
                ' Decrypts the query string and rewrites the path.
                Dim rawQuery As String = query.Replace(PARAMETER_NAME, String.Empty)
                Dim decryptedQuery As String = Decrypt(rawQuery)
                context.RewritePath(path, String.Empty, decryptedQuery)
            ElseIf context.Request.HttpMethod = "GET" Then
                ' Encrypt the query string and redirects to the encrypted URL.
                ' Remove if you don't want all query strings to be encrypted automatically.
                Dim encryptedQuery As String = Encrypt(query)
                context.Response.Redirect(path + encryptedQuery)
            End If
        End If
    End Sub

    ''' <summary>
    ''' Parses the current URL and extracts the virtual path without query string.
    ''' </summary>
    ''' <returns>The virtual path of the current URL.</returns>
    Private Shared Function GetVirtualPath() As String
        Dim path As String = HttpContext.Current.Request.RawUrl
        path = path.Substring(0, path.IndexOf("?"))
        path = path.Substring(path.LastIndexOf("/") + 1)
        Return path
    End Function

    ''' <summary>
    ''' Parses a URL and returns the query string.
    ''' </summary>
    ''' <param name="url">The URL to parse.</param>
    ''' <returns>The query string without the question mark.</returns>
    Private Shared Function ExtractQuery(url As String) As String
        Dim index As Integer = url.IndexOf("?") + 1
        Return url.Substring(index)
    End Function

#Region "Encryption/decryption"

    ''' <summary>
    ''' The salt value used to strengthen the encryption.
    ''' </summary>
    Private Shared ReadOnly SALT As Byte() = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString())

    ''' <summary>
    ''' Encrypts any string using the Rijndael algorithm.
    ''' </summary>
    ''' <param name="inputText">The string to encrypt.</param>
    ''' <returns>A Base64 encrypted string.</returns>
    Public Shared Function Encrypt(inputText As String) As String
        Dim rijndaelCipher As New RijndaelManaged()
        Dim plainText As Byte() = Encoding.Unicode.GetBytes(inputText)
        Dim SecretKey As New PasswordDeriveBytes(ENCRYPTION_KEY, SALT)

        Using encryptor As ICryptoTransform = rijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16))
            Using memoryStream As New MemoryStream()
                Using cryptoStream As New CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)
                    cryptoStream.Write(plainText, 0, plainText.Length)
                    cryptoStream.FlushFinalBlock()
                    Return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray())
                End Using
            End Using
        End Using
    End Function

    ''' <summary>
    ''' Decrypts a previously encrypted string.
    ''' </summary>
    ''' <param name="inputText">The encrypted string to decrypt.</param>
    ''' <returns>A decrypted string.</returns>
    Public Shared Function Decrypt(inputText As String) As String
        Dim rijndaelCipher As New RijndaelManaged()
        Dim encryptedData As Byte() = Convert.FromBase64String(inputText)
        Dim secretKey As New PasswordDeriveBytes(ENCRYPTION_KEY, SALT)

        Using decryptor As ICryptoTransform = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16))
            Using memoryStream As New MemoryStream(encryptedData)
                Using cryptoStream As New CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)
                    Dim plainText As Byte() = New Byte(encryptedData.Length - 1) {}
                    Dim decryptedCount As Integer = cryptoStream.Read(plainText, 0, plainText.Length)
                    Return Encoding.Unicode.GetString(plainText, 0, decryptedCount)
                End Using
            End Using
        End Using
    End Function

#End Region

End Class

2 answers:

Answer 0 (score: 2)

Yes, this is an IIS configuration issue.

For IIS 5 or 6, the web.config should contain the <httpModules> tag as described on madskristensen.net.

<system.web>
    <httpModules>
         <add type="QueryStringModule" name="QueryStringModule"/>
    </httpModules>
</system.web>

If your web application runs on IIS 7, the settings should be:

<system.webServer>
    <modules>
        <add type="QueryStringModule" name="QueryStringModule"/>
    </modules>
</system.webServer>

This solution is also described here.
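A pre-deployment check for the situation in this thread, added here as an example and not part of the question or the answers: it lists modules registered under system.web/httpModules that have no matching entry under system.webServer/modules, which is the registration the answer above says IIS 7 needs, so a module that would leave query strings unencrypted on the server is caught before publishing. The function names and both sample configs are constructed for illustration; the `<validation validateIntegratedModeConfiguration="false"/>` element in the second sample is an addition that lets both sections coexist in one file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: module registered only in the IIS 5/6 section.
CLASSIC_ONLY = """<configuration>
  <system.web>
    <httpModules>
      <add type="QueryStringModule" name="QueryStringModule"/>
    </httpModules>
  </system.web>
</configuration>"""

# Constructed sample: the same file with the IIS 7 registration added.
FIXED = CLASSIC_ONLY.replace("</configuration>", """  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <add type="QueryStringModule" name="QueryStringModule"/>
    </modules>
  </system.webServer>
</configuration>""")

def _local(tag):
    # Drop an XML namespace prefix such as "{uri}configuration".
    return tag.rsplit("}", 1)[-1]

def _registered(root, section, collection):
    """Module names left after applying <add>/<remove>/<clear> in document order."""
    names = set()
    for sec in (s for s in root if _local(s.tag) == section):
        for coll in (c for c in sec if _local(c.tag) == collection):
            for entry in coll:
                kind, name = _local(entry.tag), entry.get("name")
                if kind == "add":
                    names.add(name)
                elif kind == "remove":
                    names.discard(name)
                elif kind == "clear":
                    names.clear()
    return names

def missing_in_integrated_mode(web_config_xml):
    """Modules present in system.web/httpModules but absent from system.webServer/modules."""
    root = ET.fromstring(web_config_xml)
    classic = _registered(root, "system.web", "httpModules")
    integrated = _registered(root, "system.webServer", "modules")
    return sorted(classic - integrated)

if __name__ == "__main__":
    print(missing_in_integrated_mode(CLASSIC_ONLY), missing_in_integrated_mode(FIXED))
```

A non-empty result is a reason to fail the build or block the publish step.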

Answer 1 (score: 1)

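I just found the solution:

1 - Open IIS on the server;
2 - Select the desired website;
3 - Select Modules;
4 - Right-click and choose "Add Managed Module";
5 - Give it a name, then find the module you want to add in the drop-down list;
6 - Reset IIS.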