混淆动态数据中创建的 URL 的最佳方法是什么?
例如\Products\List.aspx?ProductId=2 可能会变成
\Products\List.aspx?x=UHJvZHVjdElkPTI=
其中“ProductId=2”采用 Base 64 编码,以防止随意窥探
\Products\List.aspx?ProductId=3
\Products\List.aspx?ProductId=4
等等...?
我可能必须从现有对象继承并覆盖某些函数 问题是哪个对象和什么函数
Metamodel 对象的 GetActionPath 看起来很有趣, 但是 DynamicRoute“{table}/{Action}.aspx” 是如何发挥作用的...
现在,在 Asp.net 1.1 站点上,我使用以下代码的自定义实现。 http://www.mvps.org/emorcillo/en/code/aspnet/qse.shtml HTTPModule 使用正则表达式重写所有查询字符串,并通过反射更改带有解码值的查询字符串集合。
那么影响改变的钩子(Hook)在哪里呢?
最佳答案
我找到了解决办法
根据建议,我实现了一个继承自 DynamicDataRoute 的 Route。
重写的方法是 GetVirtualPath 和 GetRouteData。
这是 global.asax 页面
routes.Add(New EncodedDynamicDataRoute("{table}/{action}.aspx") With { _
.Defaults = New RouteValueDictionary(New With {.Action = PageAction.List}), _
.Constraints = New RouteValueDictionary(New With {.Action "List|Details|Edit|Insert"}), _
.Model = model})
这是编码的动态数据路由。
Imports System.Web.DynamicData
Imports System.Web.Routing
''' <summary>
''' The purpose of this class to base 64 encode the querystring parameters.
''' It converts the keys to base64 encoded and back.
''' </summary>
Public Class EncodedDynamicDataRoute
Inherits DynamicDataRoute
Public Sub New(ByVal url As String)
MyBase.New(url)
End Sub
Public Overloads Overrides Function GetRouteData(ByVal httpContext As HttpContextBase) As RouteData
Dim routeData As RouteData = MyBase.GetRouteData(httpContext)
If Not (routeData Is Nothing) Then
DecodeRouteValues(routeData.Values)
End If
Return routeData
End Function
Private Sub EncodeRouteValues(ByVal routeValues As RouteValueDictionary)
Dim tableName As Object
If Not routeValues.TryGetValue("table", tableName) Then
Return
End If
Dim table As MetaTable
If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
Return
End If
Dim strOutput As New StringBuilder
Dim val As Object
For Each column As MetaColumn In table.PrimaryKeyColumns
If routeValues.TryGetValue(column.Name, val) Then
strOutput.Append(column.Name & Chr(254) & val & Chr(255))
routeValues.Remove(column.Name)
End If
Next
Dim out As String = (Convert.ToBase64String(Encoding.ASCII.GetBytes(strOutput.ToString)))
If routeValues.ContainsKey("x") Then
routeValues.Item("x") = out
Else
routeValues.Add("x", out)
End If
End Sub
Public Overloads Overrides Function GetVirtualPath(ByVal requestContext As RequestContext, ByVal values As RouteValueDictionary) As VirtualPathData
EncodeRouteValues(values)
Return MyBase.GetVirtualPath(requestContext, values)
End Function
Private Sub DecodeRouteValues(ByVal routeValues As RouteValueDictionary)
Dim tableName As Object
If Not routeValues.TryGetValue("table", tableName) Then
Return
End If
Dim table As MetaTable
If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
Return
End If
Dim enc As New System.Text.ASCIIEncoding()
Dim val As Object
If routeValues.TryGetValue("x", val) AndAlso val <> "AAA" Then
Dim strString As String = enc.GetString(Convert.FromBase64String((val)))
Dim nameValuePairs As String() = strString.Split(Chr(255))
Dim col As MetaColumn
For Each str11 In nameValuePairs
Dim vals() As String = str11.Split(Chr(254))
If table.TryGetColumn(vals(0), col) Then
routeValues.Add(val(0), col)
End If
Next
End If
End Sub
End Class
关于asp.net - 动态数据的加扰 URL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/2550126/