是否可以使用 HttpModule 删除一些帖子数据?

Is it possible to remove some post data with an HttpModule?(是否可以使用 HttpModule 删除一些帖子数据?)
本文介绍了是否可以使用 HttpModule 删除一些帖子数据?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在将一个旧的经典 asp 网站转换为 asp.net.

I'm converting an old classic asp website to asp.net.

该应用程序基本上是针对给定用户集的工具集的扩展,但它由外部供应商托管.

The application is basically an extension of a tool set for a given set of users but it is hosted at an external vendor.

为了执行到这个应用程序的无缝传输,它会发布一些 xml 数据,这些数据会触发潜在危险的 Request.Form 值".我知道我可以关闭 validateRequest 标志,但我不想这样做.

To perform a seamless transfer to this application it POSTS some xml data which is firing off the "potentially dangerous Request.Form value". I know I could turn off the validateRequest flag but I would rather not do this.

我已经编写了一个 httpmodule,它获取这些数据并使用它来验证用户,是否可以使用相同的模块或不同的模块来删除之前发布数据中的这些坏"值数据已验证"?

I have written an httpmodule which takes this data and uses it to authenticate the user, is it possible to use the same module, or a different module for that matter, to remove these "bad" values in the post data before that data is "validated"?

否则,如果这些想法都不起作用,我愿意接受其他建议.

Otherwise if none of these ideas work, I am open to other suggestions.

推荐答案

是的.以下类实现 IHttpModule 接口并注册和事件,这些事件将在 HttpRequestValidationException 检查发生之前触发.它检查请求是 POST 并且testinput"不为空,然后对其进行 HTML 编码.该类需要在您的 Web.config 中注册为 httpModule.

Yes. The following class implements the IHttpModule Interface and registers and event that will fire before the HttpRequestValidationException check occurs. It checks that the request is a POST and that "testinput" is not null and then HTML Encodes it. The Class needs to be registered in your Web.config as an httpModule.

类...

using System;
using System.Collections.Specialized;
using System.Reflection;
using System.Web;

public class PrevalidationSanitizer : System.Web.IHttpModule
{
    private HttpApplication httpApp;

    public void Init(HttpApplication httpApp)
    {
        this.httpApp = httpApp;
        httpApp.PreRequestHandlerExecute += new System.EventHandler(PreRequestHandlerExecute_Event);
    }

    public void Dispose() { }

    public void PreRequestHandlerExecute_Event(object sender, System.EventArgs args)
    {
        NameValueCollection form = httpApp.Request.Form;

        Type type = form.GetType();

        PropertyInfo prop = type.GetProperty("IsReadOnly", BindingFlags.Instance 
            | BindingFlags.IgnoreCase | BindingFlags.NonPublic | BindingFlags.FlattenHierarchy);

        prop.SetValue(form, false, null);

        if (httpApp.Request.RequestType == "POST" != null 
            && httpApp.Request.Form["testinput"])
                httpApp.Request.Form.Set("testinput"
                    , httpApp.Server.HtmlEncode(httpApp.Request.Form["testinput"]));
    }
}

web.config 条目...

web.config entry...

<system.web>
  <httpModules>
    <add type="PrevalidationSanitizer" name="PrevalidationSanitizer" />
...

这篇关于是否可以使用 HttpModule 删除一些帖子数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

c# Generic Setlt;Tgt; implementation to access objects by type(按类型访问对象的C#泛型集实现)
InvalidOperationException When using Context Injection in ASP.Net Core(在ASP.NET核心中使用上下文注入时发生InvalidOperationException)
how do i pass parameters to aspnet reportviewer(如何将参数传递给aspnet report查看器)
Bind multiple parameters from route and body to a model in ASP.NET Core(在ASP.NET Core中将路由和主体中的多个参数绑定到一个模型)
Custom model binding in AspNet Core WebApi?(AspNet Core WebApi中的自定义模型绑定?)
How to minify in .net core mvc view?(如何在.Net核心MVC视图中缩小?)