C# 使用HTTPWebrequest(多部分/表单数据)发布文件时出错(潜在危险的请求。从客户端检测到表单值)
我想使用HTTPPOST向MVCWeb应用程序发送一个文件。该文件包含html标记。下面是我尝试过的代码C# 使用HTTPWebrequest(多部分/表单数据)发布文件时出错(潜在危险的请求。从客户端检测到表单值),c#,asp.net,asp.net-mvc,file-upload,httpwebrequest,C#,Asp.net,Asp.net Mvc,File Upload,Httpwebrequest,我想使用HTTPPOST向MVCWeb应用程序发送一个文件。该文件包含html标记。下面是我尝试过的代码 public void PostMultipleFiles(string url, string[] files) { string boundary = "----------------------------" + DateTime.Now.Ticks.ToString("x"); HttpWebRequest httpWebRequest = (HttpWebRequ
public void PostMultipleFiles(string url, string[] files)
{
string boundary = "----------------------------" + DateTime.Now.Ticks.ToString("x");
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(url);
httpWebRequest.ContentType = "multipart/form-data; boundary=" + boundary;
httpWebRequest.Method = "POST";
httpWebRequest.KeepAlive = true;
httpWebRequest.Credentials = System.Net.CredentialCache.DefaultCredentials;
Stream memStream = new System.IO.MemoryStream();
byte[] boundarybytes =System.Text.Encoding.ASCII.GetBytes("\r\n--" + boundary +"\r\n");
string formdataTemplate = "\r\n--" + boundary + "\r\nContent-Disposition: form-data; name=\"{0}\";\r\n\r\n{1}";
string headerTemplate = "Content-Disposition: form-data; name=\"{0}\"; filename=\"{1}\"\r\n Content-Type: application/octet-stream\r\n\r\n";
memStream.Write(boundarybytes, 0, boundarybytes.Length);
for (int i = 0; i < files.Length; i++)
{
string header = string.Format(headerTemplate, "file" + i, files[i]);
//string header = string.Format(headerTemplate, "uplTheFile", files[i]);
byte[] headerbytes = System.Text.Encoding.UTF8.GetBytes(header);
memStream.Write(headerbytes, 0, headerbytes.Length);
FileStream fileStream = new FileStream(files[i], FileMode.Open,
FileAccess.Read);
byte[] buffer = new byte[1024];
int bytesRead = 0;
while ((bytesRead = fileStream.Read(buffer, 0, buffer.Length)) != 0)
{
memStream.Write(buffer, 0, bytesRead);
}
memStream.Write(boundarybytes, 0, boundarybytes.Length);
fileStream.Close();
}
httpWebRequest.ContentLength = memStream.Length;
Stream requestStream = httpWebRequest.GetRequestStream();
memStream.Position = 0;
byte[] tempBuffer = new byte[memStream.Length];
memStream.Read(tempBuffer, 0, tempBuffer.Length);
memStream.Close();
requestStream.Write(tempBuffer, 0, tempBuffer.Length);
requestStream.Close();
try
{
WebResponse webResponse = httpWebRequest.GetResponse();
Stream stream = webResponse.GetResponseStream();
StreamReader reader = new StreamReader(stream);
string var = reader.ReadToEnd();
}
catch (Exception ex)
{
response.InnerHtml = ex.Message;
}
httpWebRequest = null;
}
public void PostMultipleFiles(字符串url,字符串[]文件)
{
字符串边界=“------------------------------------”+DateTime.Now.Ticks.ToString(“x”);
HttpWebRequest HttpWebRequest=(HttpWebRequest)WebRequest.Create(url);
httpWebRequest.ContentType=“多部分/表单数据;边界=“+boundary;
httpWebRequest.Method=“POST”;
httpWebRequest.KeepAlive=true;
httpWebRequest.Credentials=System.Net.CredentialCache.DefaultCredentials;
Stream memStream=new System.IO.MemoryStream();
byte[]boundarybytes=System.Text.Encoding.ASCII.GetBytes(“\r\n--”+boundary+”\r\n”);
字符串formdataTemplate=“\r\n--“+boundary+”\r\n内容处理:表单数据;名称=\“{0}\”;\r\n\r\n{1}”;
string headerTemplate=“内容处置:表单数据;名称=\”{0}\“文件名=\”{1}\“\r\n内容类型:应用程序/八位字节流\r\n\r\n”;
memStream.Write(boundarybytes,0,boundarybytes.Length);
for(int i=0;i
但当收到对mvc应用程序的请求时,发生了异常。异常-“潜在危险的请求。从客户端检测到表单值”。出现此异常的原因是什么?我如何发布此文件?您可以使用AllowHtml属性装饰操作:
[AllowHtml]
public void PostMultipleFiles(string url, string[] files)
请注意,这可能是一个潜在的安全风险!有关更多信息,请参阅。您可以发布其中一个文件的内容吗?某些asp.net版本的默认行为是使用筛选出请求,例如帮助防止脚本注入。感谢您的回复。下面是示例文件内容“”由于存在安全风险,我无法使用此属性。在创建请求时,是否可以执行任何操作?看起来您正在发送XML文件。您可以使用此属性,然后为了消除安全风险,只接受并保存上载(如果可以)。