如何防止篡改查询字符串？

Question

如何防止篡改查询字符串？

HII,

我有一个查询字符串,如" http://project/page1.aspx？userID = 5 ".如果手动更改'userID'参数,则不会执行该操作.怎么可能？

Answer 1

大家好，感谢您的帮助...我从其他一些网站得到了一些不同的解决方案。我不知道这是最好的解决方案。即使用加密和解密算法对值进行编码...示例代码是这样编写的...

<a href='Page1.aspx?UserID=<%= HttpUtility.UrlEncode(TamperProofStringEncode("5","F44fggjj")) %>'>
        Click Here</a> <!--Created one anchor tag and call the function for TamperProofStringEncode-->

Run Code Online (Sandbox Code Playgroud)


    
 private string TamperProofStringEncode(string value, string key)
 {
            System.Security.Cryptography.MACTripleDES mac3des = new    System.Security.Cryptography.MACTripleDES();
            System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
            mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));
            return Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(value)) + "-" + Convert.ToBase64String(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(value)));
        }

在'Page1'的页面加载中调用解码算法对查询字符串进行解码

try
        {
            string DataString = TamperProofStringDecode(Request.QueryString["UserID"], "F44fggjj");
            Response.Write(DataString);
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }

Run Code Online (Sandbox Code Playgroud)

private string TamperProofStringDecode(string value, string key)
    {
        string dataValue = "";
        string calcHash = "";
        string storedHash = "";

        System.Security.Cryptography.MACTripleDES mac3des = new System.Security.Cryptography.MACTripleDES();
        System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
        mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));

        try
        {
            dataValue = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(value.Split('-')[0]));
            storedHash = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(value.Split('-')[1]));
            calcHash = System.Text.Encoding.UTF8.GetString(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(dataValue)));

            if (storedHash != calcHash)
            {
                //'Data was corrupted
                throw new ArgumentException("Hash value does not match");
                //  'This error is immediately caught below

            }
        }
        catch (Exception ex)
        {
            throw new ArgumentException("Invalid TamperProofString");
        }

        return dataValue;

    }

Run Code Online (Sandbox Code Playgroud)

归档时间：	15 年，6 月前
查看次数：	14090 次
最近记录：	12 年，4 月前