English 中文(简体)
• 如何从回归价值加密方法中去除非法char果,以用于扼杀var
原标题:how remove illegal chars from returned value fo encryption method to use in query string vars

我正在开发一个App.net的项目,并且有加密方法。 当它被用于加密时,它就归还了含有诸如+等一些果园的插图,而且由于在我的询问中使用了其回归的数值,即需要拆除这些果园。

页: 1

http://localhost/Cpanel/CompanyInfo/Hotels/EditHotel/VKWbk+G9F6E=

Error : HTTP Error 404.11 - Not Found The request filtering module is configured to deny a request that contains a double escape sequence.

http://localhost/Cpanel/CompanyInfo/Hotels/EditHotel/bprrmsZ6atI=

著作

这是我的加密方法:

 public static string EncryptString(string Message)
        {
            string Passphrase = System.Configuration.ConfigurationSettings.AppSettings["CryptographyKey"];

            byte[] Results;
            System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();

            //Hash the passphrase using MD5            
            MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
            byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase));

            TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
            TDESAlgorithm.Key = TDESKey;
            TDESAlgorithm.Mode = CipherMode.ECB;
            TDESAlgorithm.Padding = PaddingMode.PKCS7;

            byte[] DataToEncrypt = UTF8.GetBytes(Message);

            try
            {
                ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
                Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length);
            }
            finally
            {
                TDESAlgorithm.Clear();
                HashProvider.Clear();
            }

            return HttpUtility.HtmlEncode(Convert.ToBase64String(Results));
        }

如何做到这一点?

最佳回答

当你准备显示价值时,情况如下:

Server.UrlEncode(Variable)

然后通过询问。

在阅读时,对编码的使用方法如下:

Server.UrlDecode("QuerySting");

让我了解任何关切。

时间:2012-01-12 09:12:50
问题回答

看来你的“加密”是一种基础64编码。 第64基地只使用字母数字特性、+特性和平等=特性。 平等性并不引起任何问题,只有“+”(在《国际仲裁裁决汇编》中被解释为空间)。 你可以直截了当。 将“+”改为“......,反之亦然”,由主控制人来做。

另一种做法(不需要修改法典)是允许在你的网站上重复使用。 召集:

<system.webServer>
    <security>
        <requestFiltering allowDoubleEscaping="true"/>
    </security>
</system.webServer>

This will only work with IIS, not with ASP.NET Development Server. However, this imposes some security concerns. For details, here is a very god article covering this: http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx

时间:2012-01-12 09:07:33


上一篇:
下一篇:


相关问题
Anyone feel like passing it forward?

I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...

时间:2009-11-13 04:17:47 回答:6 展示:1
How to Add script codes before the </body> tag ASP.NET

Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...

时间:2009-11-13 03:31:36 回答:3 展示:1
Transaction handling with TransactionScope

I am implementing Transaction using TransactionScope with the help this MSDN article http://msdn.microsoft.com/en-us/library/system.transactions.transactionscope.aspx I just want to confirm that is ...

时间:2009-11-05 09:45:28 回答:1 展示:1
System.Web.Mvc.Controller Initialize

i have the following base controller... public class BaseController : Controller { protected override void Initialize(System.Web.Routing.RequestContext requestContext) { if (...

时间:2009-11-05 09:38:39 回答:2 展示:1
Microsoft.Contracts namespace

For what it is necessary Microsoft.Contracts namespace in asp.net? I mean, in what cases I could write using Microsoft.Contracts;?

时间:2009-11-05 09:36:09 回答:2 展示:1
Separator line in ASP.NET

I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!

时间:2009-11-05 09:27:29 回答:3 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全