C# 使用itemdatabound解密中继器项
我正在使用asp中继器显示图像,我希望对其进行加密,但我不知道如何在每次中继器触发项目时解密C# 使用itemdatabound解密中继器项,c#,asp.net,encryption,C#,Asp.net,Encryption,我正在使用asp中继器显示图像,我希望对其进行加密,但我不知道如何在每次中继器触发项目时解密 //客户端 ` 当我尝试运行它时,它给了我错误CS0123:“Repeater1\u ItemDataBound”匹配委托“System.Web.UI.WebControls.RepeaterItemEventHandler”没有重载 请帮助我,因为我不熟悉c#事件处理程序上的方法签名不正确。您需要将RepeaterCommandEventArgs更改为RepeaterItemEventArgs pr
//客户端
请帮助我,因为我不熟悉c#事件处理程序上的方法签名不正确。您需要将RepeaterCommandEventArgs更改为RepeaterItemEventArgs
protected void Repeater1_ItemDataBound(object source, RepeaterItemEventArgs e)
{
}
public class DisplayImage : IHttpHandler
{
/// <summary>
/// Enables processing of HTTP Web requests by a custom HttpHandler that implements the <see cref="T:System.Web.IHttpHandler" /> interface.
/// </summary>
/// <param name="context">An <see cref="T:System.Web.HttpContext" /> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
public void ProcessRequest(HttpContext context)
{
if (!this.HasAccess())
{
context.Response.End();
return;
}
string requestFileName = context.Request.QueryString["FileName"];
DecryptFile(requestFileName, context);
}
/// <summary>
/// Gets a value indicating whether another request can use the <see cref="T:System.Web.IHttpHandler" /> instance.
/// </summary>
/// <value><c>true</c> if this instance is reusable; otherwise, <c>false</c>.</value>
/// <returns>true if the <see cref="T:System.Web.IHttpHandler" /> instance is reusable; otherwise, false.</returns>
public bool IsReusable
{
get
{
return false;
}
}
/// <summary>
/// Determines whether the user has access to display an image.
/// </summary>
/// <returns><c>true</c> if this instance has access; otherwise, <c>false</c>.</returns>
private bool HasAccess()
{
// Check if user is logged in and has permissions
// to do the decryption
// use your own logic here
return true;
}
/// <summary>
/// Decrypts the file and outputs to the response buffer
/// </summary>
/// <param name="inputFile">The input file.</param>
/// <param name="context">The context.</param>
private void DecryptFile(string inputFile, HttpContext context)
{
if (PathTraversalCheck(inputFile))
{
context.Response.End();
return;
}
// get the base directory
inputFile = Path.Combine(ConfigurationManager.AppSettings["filedirectory"], inputFile);
if (!File.Exists())
{
context.Response.End();
return;
}
string password = @"myKey123"; // Your Key Here
UnicodeEncoding UE = new UnicodeEncoding();
byte[] key = UE.GetBytes(password);
using (FileStream encryptedFile = new FileStream(inputFile, FileMode.Open))
{
RijndaelManaged rijndael = new RijndaelManaged();
using (MemoryStream output = new MemoryStream())
{
using (CryptoStream cryptoStream = new CryptoStream(encryptedFile, rijndael.CreateDecryptor(key, key), CryptoStreamMode.Read))
{
// write to the memory stream
var buffer = new byte[1024];
var read = cryptoStream.Read(buffer, 0, buffer.Length);
while (read > 0)
{
output.Write(buffer, 0, read);
read = cryptoStream.Read(buffer, 0, buffer.Length);
}
cryptoStream.Flush();
// output to the response buffer
context.Response.ContentType = "image/jpeg";
context.Response.BinaryWrite(output.ToArray());
}
}
}
}
/// <summary>
/// Checks for a path traversal attack
/// </summary>
/// <param name="inputFile">The input file.</param>
/// <returns>System.String.</returns>
private bool PathTraversalCheck(string inputFile)
{
if (inputFile.Contains(".") || inputFile.Contains('\\') || inputFile.Contains('/'))
{
return true;
}
return false;
}
}
public类DisplayImage:IHttpHandler
{
///
///允许通过实现接口的自定义HttpHandler处理HTTP Web请求。
///
///提供对用于服务HTTP请求的内部服务器对象(例如,请求、响应、会话和服务器)的引用的对象。
公共void ProcessRequest(HttpContext上下文)
{
如果(!this.HasAccess())
{
context.Response.End();
返回;
}
string requestFileName=context.Request.QueryString[“FileName”];
解密文件(请求文件名、上下文);
}
///
///获取一个值,该值指示另一个请求是否可以使用该实例。
///
///如果此实例可重用,则为true;否则为false。
///如果实例是可重用的,则为true;否则为false。
公共布尔可重用
{
得到
{
返回false;
}
}
///
///确定用户是否有权显示图像。
///
///如果此实例具有访问权限,则为true;否则为false。
私人bool HasAccess()
{
//检查用户是否已登录并具有权限
//解密
//在这里使用你自己的逻辑
返回true;
}
///
///解密文件并输出到响应缓冲区
///
///输入文件。
///上下文。
私有无效解密文件(字符串输入文件,HttpContext上下文)
{
if(路径遍历检查(输入文件))
{
context.Response.End();
返回;
}
//获取基本目录
inputFile=Path.Combine(ConfigurationManager.AppSettings[“filedirectory”],inputFile);
如果(!File.Exists())
{
context.Response.End();
返回;
}
字符串密码=@“myKey123”;//此处输入您的密钥
Unicode编码UE=新的Unicode编码();
byte[]key=UE.GetBytes(密码);
使用(FileStream encryptedFile=newfilestream(inputFile,FileMode.Open))
{
RijndaelManaged rijndael=新的RijndaelManaged();
使用(MemoryStream输出=新的MemoryStream())
{
使用(CryptoStream CryptoStream=new CryptoStream(encryptedFile,rijndael.CreateDecryptor(key,key),CryptoStreamMode.Read))
{
//写入内存流
var buffer=新字节[1024];
var read=cryptoStream.read(buffer,0,buffer.Length);
while(读取>0)
{
输出。写入(缓冲区,0,读取);
read=cryptoStream.read(buffer,0,buffer.Length);
}
cryptoStream.Flush();
//输出到响应缓冲区
context.Response.ContentType=“image/jpeg”;
context.Response.BinaryWrite(output.ToArray());
}
}
}
}
///
///检查路径遍历攻击
///
///输入文件。
///System.String。
私有布尔路径遍历检查(字符串输入文件)
{
if(inputFile.Contains(“.”)inputFile.Contains('\\')inputFile.Contains('/'))
{
返回true;
}
返回false;
}
}
<ItemTemplate>
<img src="DisplayImage.ashx?FIleName=<%# DataBinder.Eval(Container.DataItem, "FileName" )%>" />
</ItemTemplate>
" />
我还想更改的是,我不会将密钥存储在源代码中,这可以通过反编译DLL轻松读取。相反,您应该将其存储在web.config中,并对web.config进行加密。请查看说明。您需要更正转发器事件:
void Repeater1_ItemDataBound(Object Sender, RepeaterItemEventArgs e) {
}
void Repeater1__ItemCommand(Object Sender, RepeaterCommandEventArgs e) {
if (e.CommandName =="openimage")
{
string[] commandArgs = e.CommandArgument.ToString().Split(new char[] { ',' });
DecryptFile(commandArgs[0], commandArgs[0]);
}
}
void Repeater1_ItemDataBound(Object Sender, RepeaterItemEventArgs e) {
}
void Repeater1__ItemCommand(Object Sender, RepeaterCommandEventArgs e) {
if (e.CommandName =="openimage")
{
string[] commandArgs = e.CommandArgument.ToString().Split(new char[] { ',' });
DecryptFile(commandArgs[0], commandArgs[0]);
}
}