Scrambling URLs for Dynamic Data
What is the best method to obfuscate the URLs created in Dynamic Data?
e.g. \Products\List.aspx?ProductId=2 could become
\Products\List.aspx?x=UHJvZHVjdElkPTI=
where "ProductId=2" is base 64 encoded to prevent casual snooping on
\Products\List.aspx?ProductId=3
\Products\List.aspx?ProductId=4
etc...?
I will probably have to inherit from an existing object and override some function. The question is which object and what function.
GetActionPath of the MetaModel object seems interesting, but how does the DynamicRoute "{table}/{Action}.aspx" play into it...
Right now on an ASP.NET 1.1 site I use a custom implementation of the following code. http://www.mvps.org/emorcillo/en/code/aspnet/qse.shtml It is an HttpModule that uses regular expressions to rewrite all the querystrings and also, with reflection, changes the QueryString collection with decoded values.
So where is the hook to effect the change?
I have found the solution
With advice, I have implemented a Route that inherits from DynamicDataRoute.
The methods overridden were GetVirtualPath and GetRouteData.
Here is the global.asax page
routes.Add(New EncodedDynamicDataRoute("{table}/{action}.aspx") With { _
    .Defaults = New RouteValueDictionary(New With {.Action = PageAction.List}), _
    .Constraints = New RouteValueDictionary(New With {.Action = "List|Details|Edit|Insert"}), _
    .Model = model})
Here is the EncodedDynamicDataRoute.
Imports System.Text
Imports System.Web
Imports System.Web.DynamicData
Imports System.Web.Routing

''' <summary>
''' The purpose of this class is to Base64-encode the querystring parameters.
''' It converts the keys to Base64 and back.
''' </summary>
Public Class EncodedDynamicDataRoute
    Inherits DynamicDataRoute

    Public Sub New(ByVal url As String)
        MyBase.New(url)
    End Sub

    ' Incoming request: decode the "x" parameter back into primary key values.
    Public Overloads Overrides Function GetRouteData(ByVal httpContext As HttpContextBase) As RouteData
        Dim routeData As RouteData = MyBase.GetRouteData(httpContext)
        If Not (routeData Is Nothing) Then
            DecodeRouteValues(routeData.Values)
        End If
        Return routeData
    End Function

    ' Outgoing URL: fold the primary key values into a single encoded "x" parameter.
    Public Overloads Overrides Function GetVirtualPath(ByVal requestContext As RequestContext, ByVal values As RouteValueDictionary) As VirtualPathData
        EncodeRouteValues(values)
        Return MyBase.GetVirtualPath(requestContext, values)
    End Function

    Private Sub EncodeRouteValues(ByVal routeValues As RouteValueDictionary)
        Dim tableName As Object = Nothing
        If Not routeValues.TryGetValue("table", tableName) Then
            Return
        End If
        Dim table As MetaTable = Nothing
        If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
            Return
        End If
        Dim strOutput As New StringBuilder
        Dim val As Object = Nothing
        For Each column As MetaColumn In table.PrimaryKeyColumns
            If routeValues.TryGetValue(column.Name, val) Then
                ' Chr(254) separates name from value, Chr(255) terminates each pair.
                strOutput.Append(column.Name & Chr(254) & CStr(val) & Chr(255))
                routeValues.Remove(column.Name)
            End If
        Next
        ' UTF-8 rather than ASCII: ASCII encoding replaces the Chr(254)/Chr(255)
        ' separators with "?", so the value could not be split again on decode.
        Dim out As String = Convert.ToBase64String(Encoding.UTF8.GetBytes(strOutput.ToString))
        If routeValues.ContainsKey("x") Then
            routeValues.Item("x") = out
        Else
            routeValues.Add("x", out)
        End If
    End Sub

    Private Sub DecodeRouteValues(ByVal routeValues As RouteValueDictionary)
        Dim tableName As Object = Nothing
        If Not routeValues.TryGetValue("table", tableName) Then
            Return
        End If
        Dim table As MetaTable = Nothing
        If Not Model.TryGetTable(DirectCast(tableName, String), table) Then
            Return
        End If
        Dim val As Object = Nothing
        If routeValues.TryGetValue("x", val) AndAlso CStr(val) <> "AAA" Then
            Dim strString As String = Encoding.UTF8.GetString(Convert.FromBase64String(CStr(val)))
            Dim nameValuePairs As String() = strString.Split(Chr(255))
            Dim col As MetaColumn = Nothing
            For Each str11 In nameValuePairs
                Dim vals() As String = str11.Split(Chr(254))
                ' Only restore names that are real columns of the table,
                ' and store the decoded value (not the MetaColumn) under that name.
                If vals.Length = 2 AndAlso table.TryGetColumn(vals(0), col) Then
                    routeValues.Add(vals(0), vals(1))
                End If
            Next
        End If
    End Sub
End Class
Here is how I did it:
I created 4 functions in a module:
public static string EncryptInt(int val)
public static int DecryptInt(string val)
public static string DecryptStr(string str)
public static string EncryptStr(string source)
When I wanted to create a url I did something like this:
string.Format(@"\path\file.aspx?ID={0}&name={1}", encrypt.EncryptInt(inID), encrypt.EncryptStr(inName));
When I wanted to get the results I would call the Decrypt function on the retrieved param.
I used two types because it added a level of type safety to the system, but you could just use one with strings and then call int.Parse() as needed.
Does this answer your question?
For Microsoft's Dynamic Data I believe the hooks would be found in the code behind for the template pages.
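Added example, not code from either poster: the question's `x=UHJvZHVjdElkPTI=` decodes straight back to `ProductId=2`, so a Base64 value can be edited and re-encoded by anyone. One way to make the encoded value tamper-evident is to append an HMAC-SHA256 tag and reject anything whose tag does not verify. The class name `SignedQueryValue`, its members and the demo key are assumptions made for this illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added illustration with hypothetical names. Assumption: the real key comes from protected server-side configuration.
public static class SignedQueryValue
{
    public static string Protect(string plain, byte[] key)
    {
        byte[] data = Encoding.UTF8.GetBytes(plain);
        using (var hmac = new HMACSHA256(key))
            return ToUrlSafe(data) + "." + ToUrlSafe(hmac.ComputeHash(data));
    }
    // False for any value not produced by Protect with the same key.
    public static bool TryUnprotect(string token, byte[] key, out string plain)
    {
        plain = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] data, tag;
        try { data = FromUrlSafe(parts[0]); tag = FromUrlSafe(parts[1]); }
        catch (FormatException) { return false; }
        using (var hmac = new HMACSHA256(key))
            if (!FixedTimeEquals(hmac.ComputeHash(data), tag)) return false;
        plain = Encoding.UTF8.GetString(data);
        return true;
    }
    static string ToUrlSafe(byte[] b)
    {
        return Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }
    static byte[] FromUrlSafe(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    // Compare MACs without exiting early on the first differing byte.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed demo key, not a real secret");
        string plain, token = Protect("ProductId=2", key);   // constructed sample value
        Console.WriteLine(TryUnprotect(token, key, out plain) + " " + plain);
        Console.WriteLine(TryUnprotect("UHJvZHVjdElkPTM.AAAA", key, out plain)); // edited id, bogus tag
    }
}
```

The payload stays readable, so this stops edited ids from being accepted rather than hiding them. The page handling the request still has to check that the current user may see the decoded record.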