-1

我使用此处提供的示例对我的项目进行了查询字符串加密。

当我在本地运行项目时,它工作正常:

在此处输入图像描述

但是当我将它发布到我的服务器时,加密根本不起作用。服务器上的应用程序在 Windows Server 2008 R2 和 IIS 7 上运行。

也许我必须在 IIS 上进行一些更改?我没有任何线索。任何人?

谢谢你。

编辑:这是 QueryStringModule 类的代码:

Imports System
Imports System.IO
Imports System.Web
Imports System.Text
Imports System.Security.Cryptography


''' <summary>
''' Summary description for QueryStringModule
''' </summary>
Public Class QueryStringModule
    Implements IHttpModule

#Region "IHttpModule Members"

    Sub Init(context As HttpApplication) Implements System.Web.IHttpModule.Init
        AddHandler context.BeginRequest, AddressOf context_BeginRequest
    End Sub

    Sub Dispose() Implements System.Web.IHttpModule.Dispose
        ' Nothing to dispose
    End Sub

#End Region

    Private Const PARAMETER_NAME As String = "enc="
    Private Const ENCRYPTION_KEY As String = "key"

    Private Sub context_BeginRequest(sender As Object, e As EventArgs)
        Dim context As HttpContext = HttpContext.Current
        If context.Request.Url.OriginalString.Contains("aspx") AndAlso context.Request.RawUrl.Contains("?") Then
            Dim query As String = ExtractQuery(context.Request.RawUrl)
            Dim path As String = GetVirtualPath()

            If query.StartsWith(PARAMETER_NAME, StringComparison.OrdinalIgnoreCase) Then
                ' Decrypts the query string and rewrites the path.
                Dim rawQuery As String = query.Replace(PARAMETER_NAME, String.Empty)
                Dim decryptedQuery As String = Decrypt(rawQuery)
                context.RewritePath(path, String.Empty, decryptedQuery)
            ElseIf context.Request.HttpMethod = "GET" Then
                ' Encrypt the query string and redirects to the encrypted URL.
                ' Remove if you don't want all query strings to be encrypted automatically.
                Dim encryptedQuery As String = Encrypt(query)
                context.Response.Redirect(path + encryptedQuery)
            End If
        End If
    End Sub

    ''' <summary>
    ''' Parses the current URL and extracts the virtual path without query string.
    ''' </summary>
    ''' <returns>The virtual path of the current URL.</returns>
    Private Shared Function GetVirtualPath() As String
        Dim path As String = HttpContext.Current.Request.RawUrl
        path = path.Substring(0, path.IndexOf("?"))
        path = path.Substring(path.LastIndexOf("/") + 1)
        Return path
    End Function

    ''' <summary>
    ''' Parses a URL and returns the query string.
    ''' </summary>
    ''' <param name="url">The URL to parse.</param>
    ''' <returns>The query string without the question mark.</returns>
    Private Shared Function ExtractQuery(url As String) As String
        Dim index As Integer = url.IndexOf("?") + 1
        Return url.Substring(index)
    End Function

#Region "Encryption/decryption"

    ''' <summary>
    ''' The salt value used to strengthen the encryption.
    ''' </summary>
    Private Shared ReadOnly SALT As Byte() = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString())

    ''' <summary>
    ''' Encrypts any string using the Rijndael algorithm.
    ''' </summary>
    ''' <param name="inputText">The string to encrypt.</param>
    ''' <returns>A Base64 encrypted string.</returns>
    Public Shared Function Encrypt(inputText As String) As String
        Dim rijndaelCipher As New RijndaelManaged()
        Dim plainText As Byte() = Encoding.Unicode.GetBytes(inputText)
        Dim SecretKey As New PasswordDeriveBytes(ENCRYPTION_KEY, SALT)

        Using encryptor As ICryptoTransform = rijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16))
            Using memoryStream As New MemoryStream()
                Using cryptoStream As New CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)
                    cryptoStream.Write(plainText, 0, plainText.Length)
                    cryptoStream.FlushFinalBlock()
                    Return "?" + PARAMETER_NAME + Convert.ToBase64String(memoryStream.ToArray())
                End Using
            End Using
        End Using
    End Function

    ''' <summary>
    ''' Decrypts a previously encrypted string.
    ''' </summary>
    ''' <param name="inputText">The encrypted string to decrypt.</param>
    ''' <returns>A decrypted string.</returns>
    Public Shared Function Decrypt(inputText As String) As String
        Dim rijndaelCipher As New RijndaelManaged()
        Dim encryptedData As Byte() = Convert.FromBase64String(inputText)
        Dim secretKey As New PasswordDeriveBytes(ENCRYPTION_KEY, SALT)

        Using decryptor As ICryptoTransform = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16))
            Using memoryStream As New MemoryStream(encryptedData)
                Using cryptoStream As New CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)
                    Dim plainText As Byte() = New Byte(encryptedData.Length - 1) {}
                    Dim decryptedCount As Integer = cryptoStream.Read(plainText, 0, plainText.Length)
                    Return Encoding.Unicode.GetString(plainText, 0, decryptedCount)
                End Using
            End Using
        End Using
    End Function

#End Region

End Class
4

2 回答 2

2

是的,这是一个 ISS 配置问题。

ISS 5 或 6 的 web.config 应包含 <httpModules> 标记,如madskristensen.net上所述。

<system.web>
    <httpModules>
         <add type="QueryStringModule" name="QueryStringModule"/>
    </httpModules>
</system.web>

如果您的 Web 应用程序在 IIS 7 上运行,则设置应位于:

<system.webServer>
    <modules>
        <add type="QueryStringModule" name="QueryStringModule"/>
    </modules>
</system.webServer>

此解决方案也在此处进行了描述。

于 2013-10-15T11:49:54.263 回答
1

我刚刚找到了一个解决方案: 1-在服务器上打开 IIS;2-选择所需的网站;3-选择模块;4-右键单击然后“添加托管模块”;5-为其命名,然后在下拉列表中找到您要添加的模块;6-重置 IIS。

于 2012-10-10T20:28:09.293 回答