我创建了一个带有一些简单 SQL 查询功能的登录页面,并且正在尝试加密 URL 查询字符串,但似乎存在问题:每次使用我的“按钮”功能后,URL 就会原样显示出来。请问代码的问题出在哪里? 备注:我已在 web.config 的 system.web 和 system.webServer 节中注册了“QueryStringModule”。
这是我使用的QueryStringModule.cs代码:
#region Using
using System;
using System.IO;
using System.Web;
using System.Text;
using System.Security.Cryptography;
#endregion
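/// <summary>
/// HTTP module that keeps the query string of .aspx requests encrypted in the URL.
/// A GET request with a plain query string is redirected to an "enc=" URL; a request
/// that arrives with "enc=" is decrypted and its path rewritten before the page runs.
/// </summary>
/// <remarks>
/// NOTE(review): this hides parameters from casual view only. The key is a literal in
/// source, the key and IV are identical for every request, and the ciphertext carries
/// no integrity check, so decrypted values must still be treated as untrusted client
/// input (for example, never as proof of who the user is).
/// </remarks>
public class QueryStringModule : IHttpModule
{
    #region IHttpModule Members

    /// <summary>Releases resources held by the module (there are none).</summary>
    public void Dispose()
    {
        // Nothing to dispose
    }

    /// <summary>Hooks the module into the start of every request.</summary>
    /// <param name="context">The application whose BeginRequest event is subscribed.</param>
    public void Init(HttpApplication context)
    {
        context.BeginRequest += new EventHandler(context_BeginRequest);
    }

    #endregion

    private const string PARAMETER_NAME = "enc=";

    // NOTE(review): hard-coded secret. Anyone who can read the source or the compiled
    // assembly can decrypt and forge query strings; load the key from protected
    // configuration instead.
    private const string ENCRYPTION_KEY = "key";

    /// <summary>
    /// Decrypts "enc=" query strings and redirects plain GET query strings to their
    /// encrypted form. Only URLs that contain "aspx" and a "?" are handled.
    /// </summary>
    private void context_BeginRequest(object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;
        if (context.Request.Url.OriginalString.Contains("aspx") && context.Request.RawUrl.Contains("?"))
        {
            string query = ExtractQuery(context.Request.RawUrl);
            string path = GetVirtualPath();

            if (query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase))
            {
                // Strip only the leading marker. Replace() was case-sensitive (unlike the
                // StartsWith check above) and would also delete an "enc=" sequence that
                // happens to occur inside the Base64 payload.
                string rawQuery = query.Substring(PARAMETER_NAME.Length);

                string decryptedQuery;
                try
                {
                    decryptedQuery = Decrypt(rawQuery);
                }
                catch (FormatException)
                {
                    // Payload is not valid Base64.
                    RejectRequest(context);
                    return;
                }
                catch (CryptographicException)
                {
                    // Payload does not decrypt cleanly (wrong length or padding).
                    RejectRequest(context);
                    return;
                }

                context.RewritePath(path, string.Empty, decryptedQuery);
            }
            else if (context.Request.HttpMethod == "GET")
            {
                // Encrypt the query string and redirect to the encrypted URL.
                // Remove if you don't want all query strings to be encrypted automatically.
                // Requests using any other method (e.g. a form POST) with a plain query
                // string fall through unchanged.
                string encryptedQuery = Encrypt(query);
                context.Response.Redirect(path + encryptedQuery);
            }
        }
    }

    /// <summary>
    /// Answers a tampered or malformed "enc=" value with HTTP 400 instead of an
    /// unhandled exception. Every failure kind gets the same response, so the reply
    /// does not reveal which check failed.
    /// </summary>
    private static void RejectRequest(HttpContext context)
    {
        context.Response.StatusCode = 400;
        context.ApplicationInstance.CompleteRequest();
    }

    /// <summary>
    /// Parses the current URL and extracts the virtual path without query string.
    /// </summary>
    /// <returns>The last path segment of the current URL (text after the final "/").</returns>
    private static string GetVirtualPath()
    {
        // The caller has already checked that the raw URL contains "?".
        string path = HttpContext.Current.Request.RawUrl;
        path = path.Substring(0, path.IndexOf('?'));
        path = path.Substring(path.LastIndexOf('/') + 1);
        return path;
    }

    /// <summary>
    /// Parses a URL and returns the query string.
    /// </summary>
    /// <param name="url">The URL to parse.</param>
    /// <returns>The query string without the question mark.</returns>
    private static string ExtractQuery(string url)
    {
        int index = url.IndexOf('?') + 1;
        return url.Substring(index);
    }

    #region Encryption/decryption

    /// <summary>
    /// The salt passed to the key derivation.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the salt is derived only from the key's length, so it is a fixed
    /// value. Together with the fixed password, every call derives the same key and the
    /// same IV, which means equal query strings always encrypt to equal ciphertexts.
    /// PasswordDeriveBytes is a PBKDF1-based derivation; Rfc2898DeriveBytes with a random
    /// salt and a random per-message IV is the usual replacement. That would change the
    /// ciphertext format, so it is flagged here rather than changed.
    /// </remarks>
    private readonly static byte[] SALT = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString());

    /// <summary>
    /// Encrypts any string using the Rijndael algorithm.
    /// </summary>
    /// <param name="inputText">The string to encrypt.</param>
    /// <returns>"?enc=" followed by the Base64 ciphertext.</returns>
    /// <remarks>
    /// NOTE(review): the output has no MAC, so a modified ciphertext cannot be detected
    /// by <see cref="Decrypt"/>; an authenticated scheme is needed before the decrypted
    /// values can be relied on.
    /// </remarks>
    public static string Encrypt(string inputText)
    {
        byte[] plainText = Encoding.Unicode.GetBytes(inputText);

        using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
        using (PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT))
        {
            // Order matters: the first 32 derived bytes are the key, the next 16 the IV.
            byte[] key = secretKey.GetBytes(32);
            byte[] iv = secretKey.GetBytes(16);

            using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(key, iv))
            using (MemoryStream memoryStream = new MemoryStream())
            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
            {
                cryptoStream.Write(plainText, 0, plainText.Length);
                cryptoStream.FlushFinalBlock();
                return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray());
            }
        }
    }

    /// <summary>
    /// Decrypts a previously encrypted string.
    /// </summary>
    /// <param name="inputText">The Base64 ciphertext, without the "enc=" marker.</param>
    /// <returns>A decrypted string.</returns>
    /// <exception cref="FormatException">The input is not valid Base64.</exception>
    /// <exception cref="CryptographicException">The data does not decrypt cleanly.</exception>
    public static string Decrypt(string inputText)
    {
        byte[] encryptedData = Convert.FromBase64String(inputText);

        using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
        using (PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT))
        {
            // Same derivation order as Encrypt: key first, then IV.
            byte[] key = secretKey.GetBytes(32);
            byte[] iv = secretKey.GetBytes(16);

            using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(key, iv))
            using (MemoryStream memoryStream = new MemoryStream(encryptedData))
            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
            using (MemoryStream plainStream = new MemoryStream())
            {
                // Drain the stream completely; a single Read call is allowed to return
                // fewer bytes than are available and would then truncate the result.
                cryptoStream.CopyTo(plainStream);
                return Encoding.Unicode.GetString(plainStream.ToArray());
            }
        }
    }

    #endregion
}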
这是我的按钮功能的代码:
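/// <summary>
/// Validates the form fields and the logged-in user, then calls the
/// usp_TagNumberUpdate stored procedure and shows its message in status_lbl.
/// </summary>
protected void Button1_Click(object sender, EventArgs e)
{
    string sONbr = sONbrTextBox.Text;
    string SOLine = sOLineTextBox.Text;
    string SerialNbr = serialNbrTextBox.Text;
    string PalletID = palletIDTextBox.Text;
    string PackingListNo = PackingListNoTextBox.Text;
    string StatusCode = statusCodeComboBox.Text;
    string PackType = packTypeComboBox.Text;

    // The indexer returns null when the parameter is absent. The former .ToString()
    // call threw NullReferenceException in that case, so the "please login" branch
    // below could never run for a missing value.
    // NOTE(review): the acting user is read from the query string, which the client
    // controls. It is recorded as @CrUserID below; take the identity from the
    // authenticated session rather than from the URL.
    string CrUserID = Request.QueryString["LogInUser"];

    if (string.IsNullOrWhiteSpace(sONbr) || string.IsNullOrWhiteSpace(SOLine) || string.IsNullOrWhiteSpace(PalletID) || string.IsNullOrWhiteSpace(PackingListNo) || string.IsNullOrWhiteSpace(StatusCode) || string.IsNullOrWhiteSpace(PackType))
    {
        status_lbl.Text = "Please fill in all the information.";
        status_lbl.Visible = true;
        GridView1.Visible = false;
        return;
    }

    if (string.IsNullOrWhiteSpace(CrUserID))
    {
        status_lbl.Text = "Please login your account!";
        status_lbl.Visible = true;
        GridView1.Visible = false;
        ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Please login your account!')</script>");
        // Redirect(url) ends the response, so nothing after this call runs.
        Response.Redirect("Login Page.aspx");
        return;
    }

    string val;
    // using blocks release the connection and command even when the call throws.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["constr_TESTINGSystem"].ToString()))
    using (SqlCommand comm = conn.CreateCommand())
    {
        conn.Open();
        comm.CommandType = CommandType.StoredProcedure;
        comm.CommandText = "usp_TagNumberUpdate";
        comm.Parameters.AddWithValue("@sONbr", sONbr);
        comm.Parameters.AddWithValue("@SOLine", SOLine);
        comm.Parameters.AddWithValue("@SerialNbr", SerialNbr);
        comm.Parameters.AddWithValue("@PalletID", PalletID);
        comm.Parameters.AddWithValue("@PackingListNo", PackingListNo);
        comm.Parameters.AddWithValue("@StatusCode", StatusCode);
        comm.Parameters.AddWithValue("@PackType", PackType);
        comm.Parameters.AddWithValue("@CrUserID", CrUserID);
        SqlParameter ReturnVal = comm.Parameters.Add("@return", SqlDbType.NVarChar, 200);
        ReturnVal.Direction = ParameterDirection.Output;
        comm.ExecuteNonQuery();

        // The output value is DBNull when the procedure leaves it unset; a direct
        // (string) cast would throw InvalidCastException in that case.
        val = ReturnVal.Value as string ?? string.Empty;
    }

    // NOTE(review): Label.Text is rendered without HTML encoding. If the procedure's
    // message can echo any of the submitted field values, encode it before display.
    status_lbl.Text = val;
    status_lbl.Visible = true;
    CheckBox1.Checked = false;
    serialNbrTextBox.ReadOnly = true;
    serialNbrTextBox.BackColor = System.Drawing.ColorTranslator.FromHtml("#A9A9A9");
    serialNbrTextBox.Text = "N/A";
    sONbrTextBox.Text = sOLineTextBox.Text = palletIDTextBox.Text = PackingListNoTextBox.Text = "";
    GridView1.Visible = false;
}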
/// <summary>
/// Shows the result grid when SO number, SO line and serial number are all filled in;
/// otherwise hides it and asks for the missing values.
/// </summary>
protected void Button2_Click(object sender, EventArgs e)
{
    string orderNumber = sONbrTextBox.Text;
    string orderLine = sOLineTextBox.Text;
    string serialNumber = serialNbrTextBox.Text;

    // All three values are required for an inquiry.
    bool incomplete = string.IsNullOrWhiteSpace(orderNumber)
        || string.IsNullOrWhiteSpace(orderLine)
        || string.IsNullOrWhiteSpace(serialNumber);

    status_lbl.Text = incomplete
        ? "Please fill in SO #, SO LINE & SERIAL NO to check record."
        : "Inquiry Successful!";
    status_lbl.Visible = true;
    GridView1.Visible = !incomplete;
}
答案 0 :(得分:1)
如何在ASP.NET中加密查询字符串。
// Key material for EncryptString: 16 characters, turned into 16 key bytes by GetByte (UTF-8).
// NOTE(review): this is a hard-coded secret in source. Anyone with the source or the
// compiled assembly can decrypt the data; load the key from protected configuration.
private static string Key = "ABC123DEF456GH78";
/// <summary>Encodes a string as UTF-8 bytes.</summary>
/// <param name="data">The text to encode.</param>
/// <returns>The UTF-8 encoding of <paramref name="data"/>.</returns>
private static byte[] GetByte(string data)
{
    byte[] utf8Bytes = Encoding.UTF8.GetBytes(data);
    return utf8Bytes;
}
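/// <summary>
/// Encrypts a string with AES under the class key and a fresh random IV.
/// </summary>
/// <param name="data">The text to encrypt (encoded as UTF-8 by GetByte).</param>
/// <returns>The IV followed by the ciphertext.</returns>
/// <remarks>
/// NOTE(review): the output has no integrity check. A matching decryptor should verify
/// a MAC (for example an HMAC over IV and ciphertext) before decrypting, otherwise
/// modified ciphertexts go undetected.
/// </remarks>
public static byte[] EncryptString(string data)
{
    byte[] byteData = GetByte(data);

    // Aes.Create() names the algorithm explicitly instead of relying on whatever
    // SymmetricAlgorithm.Create() maps to by default. The using blocks release the
    // key material and streams, which the original never disposed.
    using (SymmetricAlgorithm algo = Aes.Create())
    using (MemoryStream mStream = new MemoryStream())
    {
        algo.Key = GetByte(Key);
        algo.GenerateIV();

        // The IV is not secret; it is written first so the reader can recover it.
        mStream.Write(algo.IV, 0, algo.IV.Length);

        using (ICryptoTransform encryptor = algo.CreateEncryptor())
        using (CryptoStream myCrypto = new CryptoStream(mStream, encryptor, CryptoStreamMode.Write))
        {
            myCrypto.Write(byteData, 0, byteData.Length);
            myCrypto.FlushFinalBlock();
        }

        // ToArray still works after the CryptoStream has closed the underlying stream.
        return mStream.ToArray();
    }
}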