特殊字符问题

时间:2018-08-13 15:19:40

标签: json api asp.net-core

我正在创建.Net Core API,但遇到一个问题,我想在密码中保留'$'特殊字符。

我不知道为什么,当我通过请求URL执行POST方法时,它会被更改为%24。

我尝试更改Normalize的用法,但没有用...

由员工控制器调用的身份验证控制器:

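/// <summary>
/// Validates a Windows user name and password by calling the Win32
/// <c>LogonUser</c> API with a network logon.
/// </summary>
/// <remarks>
/// Despite the "Controller" suffix this is a static helper, not an MVC controller.
/// The password is handled as a managed <see cref="string"/>, so callers should
/// avoid logging it or echoing it back to clients.
/// </remarks>
public static class AuthenticationController
{
    /// <summary>
    /// Owns the token handle produced by <c>LogonUser</c> and closes it through
    /// <c>CloseHandle</c> when disposed or finalized.
    /// </summary>
    private sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
    {
        private SafeTokenHandle() // instantiated by the P/Invoke marshaller
            : base(true)
        {
        }

        protected override bool ReleaseHandle()
        {
            return CloseHandle(handle);
        }
    }

    private enum LogonType : uint
    {
        Network = 3, // LOGON32_LOGON_NETWORK
    }

    private enum LogonProvider : uint
    {
        WinNT50 = 3, // LOGON32_PROVIDER_WINNT50
    }

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // CharSet.Unicode binds to LogonUserW. Without it the strings are marshalled
    // through the ANSI code page, which can silently alter user names or passwords
    // containing characters outside that code page.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(
        string userName, string domain, string password,
        LogonType logonType, LogonProvider logonProvider,
        out SafeTokenHandle token);

    /// <summary>
    /// Attempts a network logon for the given credentials and returns normally
    /// when the operating system accepts them.
    /// </summary>
    /// <param name="userName">Account name passed to <c>LogonUser</c>.</param>
    /// <param name="password">Clear-text password passed to <c>LogonUser</c>.</param>
    /// <exception cref="Win32Exception">
    /// The logon failed; <see cref="Win32Exception.NativeErrorCode"/> carries the
    /// Win32 error reported for the call.
    /// </exception>
    public static void AuthenticateUser(string userName, string password)
    {
        // NOTE(review): "domain" is a hard-coded placeholder in this listing;
        // presumably the real domain name is substituted in deployment.
        string domain = "domain";

        if (!LogonUser(userName, domain, password, LogonType.Network, LogonProvider.WinNT50, out SafeTokenHandle token))
        {
            // Read the error before any other call can overwrite it.
            int error = Marshal.GetLastWin32Error();
            token?.Dispose();
            throw new Win32Exception(error);
        }

        // Only the success/failure result is needed, so release the token right away.
        token.Dispose();
    }
}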

员工控制器:

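/// <summary>
/// API controller exposing a POST endpoint that checks a user's Windows
/// credentials through <c>AuthenticationController.AuthenticateUser</c>.
/// </summary>
[Route("api/[controller]")]
[ApiController]
public class EmployeeController : Controller
{
    private readonly intranetApplicationAPIContext _context;

    public EmployeeController(intranetApplicationAPIContext context)
    {
        _context = context;
    }

    /// <summary>
    /// Verifies the supplied credentials and reports the outcome.
    /// </summary>
    /// <param name="username">Account name to authenticate.</param>
    /// <param name="password">Clear-text password for the account.</param>
    /// <returns>
    /// 200 with the user name when the logon succeeds; 400 with a short
    /// description when <c>AuthenticateUser</c> throws a <see cref="Win32Exception"/>.
    /// </returns>
    // NOTE(review): plain string parameters on an [ApiController] action are
    // presumably bound from the query string, which puts the password in the
    // request URL (and in access logs, proxies and browser history). Binding the
    // credentials from the request body instead would avoid that, but it changes
    // the contract for existing clients, so it is only flagged here.
    [HttpPost]
    public ActionResult GetEmployee(string username, string password)
    {
        try
        {
            AuthenticationController.AuthenticateUser(username, password);

            // Never echo the password back: response bodies get cached, logged
            // and displayed by clients.
            return Ok(username);
        }
        catch (Win32Exception ex)
        {
            // NOTE(review): the distinct messages below tell an unauthenticated
            // caller whether an account is disabled, locked out or expired.
            // Consider returning one generic failure and logging the detail
            // server-side.
            string reason;
            switch (ex.NativeErrorCode)
            {
                case 1326: // ERROR_LOGON_FAILURE (incorrect user name or password)
                    reason = "Incorrect username or password";
                    break;

                case 1327: // ERROR_ACCOUNT_RESTRICTION
                    reason = "Account restriction";
                    break;

                case 1330: // ERROR_PASSWORD_EXPIRED
                    reason = "Password expired";
                    break;

                case 1331: // ERROR_ACCOUNT_DISABLED
                    reason = "Account disabled";
                    break;

                case 1907: // ERROR_PASSWORD_MUST_CHANGE
                    reason = "Password must change";
                    break;

                case 1909: // ERROR_ACCOUNT_LOCKED_OUT
                    reason = "Account locked out";
                    break;

                default: // Other
                    return BadRequest("An error has occured");
            }

            return BadRequest("Error code : " + ex.NativeErrorCode + " " + reason);
        }
    }
}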

1 个答案:

答案 0 :(得分:0)

不建议在URL中发送密码或用户的私人信息(监听网络的人可以看到请求URL并窃取用户密码)。您可以把这些信息放在POST请求的正文中发送,这样既不会遇到编码问题,也能更安全地完成处理。补充说明:%24只是'$'的URL百分号编码;另外,即使使用HTTPS,URL仍可能被记录在服务器日志、代理日志和浏览器历史中。