
点滴累积【C#】-对上传文件的路径进行加密,以免将路径暴露在浏览器上,避免一些安全隐患

热度:94   发布时间:2016-05-05 04:17:24.0
点滴积累【C#】---对上传文件的路径进行加密,以免将路径暴露在浏览器上,避免一些安全隐患!

效果:

描述:

本示例用于避免在上传或下载文件时将文件路径暴露在外。上传时将路径加密后保存到DataTable或数据库中,下载时再读取DataTable中的加密数据,解密后下载。注意:加密只是隐藏了路径,下载页仍需校验解密后的路径并检查访问权限。

代码:

【前台代码】

 

 <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="FileUpload.aspx.cs" Inherits="FilePathEncrypt.FileUpload" %>
<%-- Upload page: a FileUpload control plus a button that posts back to Button1_Click,
     and a GridView listing ID, FileName, FileType and FilePath_Security for each row.
     The FilePath_Security value is shown as text in its own column and is also bound
     to NavigateUrl of the download link in the last column. --%>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    
</head>
<body>
    <%--<form id="form1" runat="server" name="formFile" method="post" action="/FileUpload.aspx" target="frameFile" enctype="multipart/form-data">--%>
        <form id="form1" runat="server">
        <div>
            <%--<input type="text" id="textID" name="txtName" />--%>
            <%--<input type="file" id="fileUp" name="fileUp" />--%>&nbsp;&nbsp;<%--<input type="submit" value="确认上传" />--%>
            <%--<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>--%>
            <asp:FileUpload ID="FileUpload1" runat="server" />&nbsp;&nbsp;<asp:Button ID="Button1" runat="server" Text="确认上传" OnClick="Button1_Click" />

            <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" Height="132px" Width="251px" CellPadding="4" ForeColor="#333333" GridLines="None">
                <AlternatingRowStyle BackColor="White" />
            <Columns>
                <asp:BoundField DataField="ID" HeaderText="ID" />
                <asp:BoundField  DataField="FileName" HeaderText="名称" />
                <asp:BoundField  DataField="FileType" HeaderText="类型" />
                <asp:BoundField  DataField="FilePath_Security" HeaderText="路径加密" />
                <asp:TemplateField HeaderText="下载">
                    <ItemTemplate>
                        <asp:HyperLink ID="HyperLink1" NavigateUrl='<%# Eval("FilePath_Security") %>'  runat="server">下载</asp:HyperLink>
                    </ItemTemplate>
                </asp:TemplateField>
            </Columns>
                <EditRowStyle BackColor="#2461BF" />
                <FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
                <HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
                <PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" />
                <RowStyle BackColor="#EFF3FB" />
                <SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" />
                <SortedAscendingCellStyle BackColor="#F5F7FB" />
                <SortedAscendingHeaderStyle BackColor="#6D95E1" />
                <SortedDescendingCellStyle BackColor="#E9EBEF" />
                <SortedDescendingHeaderStyle BackColor="#4870BE" />
        </asp:GridView>
        </div>
    </form>
    <iframe id="frameFile" name="frameFile" style="display: none;"></iframe>
</body>
</html>

 

【后台代码】

 

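  using System;
using System.Collections.Generic;
using System.Data;
using System.IO;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using WooBase.Common;

namespace FilePathEncrypt
{
    /// <summary>
    /// Code-behind for FileUpload.aspx. Saves an uploaded file under the
    /// "UploadFile" folder with a ".wdata" suffix and lists it in the grid with a
    /// download link whose "cmd" parameter is the encrypted relative path.
    /// </summary>
    public partial class FileUpload : System.Web.UI.Page
    {
        /// <summary>
        /// Binds the grid to the sample table on every request.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            GridView1.DataSource = NewTable();
            GridView1.DataBind();
        }

        /// <summary>
        /// Builds the in-memory table shown in the grid: an auto-increment ID plus
        /// FileName, FileType and FilePath_Security, pre-filled with two sample rows.
        /// </summary>
        /// <returns>A new <see cref="DataTable"/> named "SaveData".</returns>
        public DataTable NewTable()
        {
            DataTable dt = new DataTable();
            dt.TableName = "SaveData";

            DataColumn col = new DataColumn("ID", typeof(Int32));
            col.AutoIncrement = true;
            col.AutoIncrementSeed = 1;
            col.AutoIncrementStep = 1;
            dt.Columns.Add(col);
            dt.Columns.Add("FileName", typeof(String));
            dt.Columns.Add("FileType", typeof(String));
            dt.Columns.Add("FilePath_Security", typeof(String));

            // Both sample rows carry the same download token.
            DataRow dr = dt.NewRow();
            dr["FileName"] = "青苹果.jpg";
            dr["FileType"] = ".jpg";
            dr["FilePath_Security"] = "DownLoad.aspx?cmd=6A6B41446F6E395177457A70705541344D563657736B5351417447445441485A633348326E55347A2F5854656751764C4E4A546172773D3D";
            dt.Rows.Add(dr);

            DataRow dr1 = dt.NewRow();
            dr1["FileName"] = "青苹果.txt";
            dr1["FileType"] = ".txt";
            dr1["FilePath_Security"] = "DownLoad.aspx?cmd=6A6B41446F6E395177457A70705541344D563657736B5351417447445441485A633348326E55347A2F5854656751764C4E4A546172773D3D";
            dt.Rows.Add(dr1);

            return dt;
        }

        /// <summary>
        /// Saves the posted file as "UploadFile\&lt;name&gt;.wdata" and adds a grid row
        /// whose link carries the encrypted relative path.
        /// </summary>
        protected void Button1_Click(object sender, EventArgs e)
        {
            HttpPostedFile posted = FileUpload1.PostedFile;

            // The file name comes from the browser. Only its last path component is
            // used, so directory parts sent by the client never reach the save path.
            string name = posted == null || string.IsNullOrEmpty(posted.FileName)
                ? string.Empty
                : Path.GetFileName(posted.FileName);

            if (string.IsNullOrEmpty(name))
            {
                Response.Write("<script>alert('请选择文件');</script>");
                return;
            }

            string type = Path.GetExtension(name);
            string saveDir = Server.MapPath("UploadFile\\");

            // CreateDirectory does nothing when the folder already exists.
            Directory.CreateDirectory(saveDir);

            // NOTE(review): nothing here limits the size or type of the upload, and a
            // second upload with the same name replaces the first. The ".wdata" suffix
            // presumably keeps the stored file from being served under its original
            // extension - confirm that no handler is mapped to it.
            string storedName = name + ".wdata";
            posted.SaveAs(Path.Combine(saveDir, storedName));

            string securityPath = setPath("UploadFile\\" + storedName);

            DataTable dt = NewTable();
            DataRow dr = dt.NewRow();
            dr["FileName"] = name;
            dr["FileType"] = type;
            dr["FilePath_Security"] = securityPath;
            dt.Rows.Add(dr);

            GridView1.DataSource = dt;
            GridView1.DataBind();
        }

        /// <summary>
        /// Builds the download URL for a stored file: "DownLoad.aspx?cmd=" followed by
        /// the encrypted path and a trailing double quote.
        /// </summary>
        /// <param name="path">Path of the stored file, relative to the application.</param>
        /// <returns>The download URL including the trailing double quote.</returns>
        public static string setPath(string path)
        {
            // NOTE(review): the trailing quote is kept because callers outside this
            // page may rely on it (it looks like it closes an href attribute - confirm).
            // DownLoad.aspx strips quotes from "cmd" before decrypting.
            // Exceptions from Encrypt_Des2 propagate unchanged; the previous
            // catch/"throw ex" only reset the stack trace.
            return "DownLoad.aspx?cmd=" + Security.Encrypt_Des2(path) + "\"";
        }
    }
}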

【后台加密函数代码】

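 using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Security.Cryptography;

namespace WooBase.Common
{
    /// <summary>
    /// DES helpers used to turn a file path into an opaque download token and back.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this class obscures a value; it does not protect it.
    /// The key and IV below are constants compiled into the assembly, so every
    /// deployment shares them and anyone with the assembly or this source can read
    /// tokens and create valid ones. DES has a 56-bit effective key, and the output
    /// carries no MAC, so a modified token is not detected. The output format is left
    /// unchanged so tokens already stored in a database still decrypt.
    /// Code that consumes a decrypted value must treat it as untrusted input:
    /// validate the path and check that the caller may access the file.
    /// For new code, prefer a random identifier mapped to the path on the server, or
    /// authenticated encryption with a key held in protected configuration.
    /// </remarks>
    public class Security
    {
        // Fixed 64-bit DES key and initialization vector shared by all four methods.
        private static readonly byte[] KEY_64 = { 42, 16, 93, 156, 78, 14, 218, 31 };
        private static readonly byte[] IV_64 = { 55, 103, 246, 79, 36, 23, 167, 0 };

        /// <summary>
        /// Encrypts a string with DES (provider defaults for mode and padding) and
        /// returns the ciphertext as Base64.
        /// </summary>
        /// <param name="cleanString">Text to encrypt.</param>
        /// <returns>Base64 text of the ciphertext.</returns>
        public static string Encrypt_Des(string cleanString)
        {
            using (DES des = DES.Create())
            using (ICryptoTransform encryptor = des.CreateEncryptor(KEY_64, IV_64))
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
                using (StreamWriter sw = new StreamWriter(cs))
                {
                    sw.Write(cleanString);
                    sw.Flush();
                    // Writes the padded last block before the buffer is read.
                    cs.FlushFinalBlock();
                }

                // ToArray returns only the bytes written and works after the stream is closed.
                return Convert.ToBase64String(ms.ToArray());
            }
        }

        /// <summary>
        /// Same as <see cref="Encrypt_Des"/>, then writes each Base64 character as two
        /// upper-case hex digits so the result is safe in a URL query string.
        /// </summary>
        /// <param name="cleanString">Text to encrypt.</param>
        /// <returns>Hex text, two digits per Base64 character.</returns>
        public static string Encrypt_Des2(string cleanString)
        {
            // Base64 text is pure ASCII, so ASCII bytes match what the platform
            // default encoding produced before.
            byte[] base64Bytes = Encoding.ASCII.GetBytes(Encrypt_Des(cleanString));

            StringBuilder hex = new StringBuilder(base64Bytes.Length * 2);
            foreach (byte value in base64Bytes)
            {
                // "X2" always emits two digits; Decrypt_Des2 reads the text in pairs.
                hex.Append(value.ToString("X2"));
            }
            return hex.ToString();
        }

        /// <summary>
        /// Decrypts Base64 text produced by <see cref="Encrypt_Des"/>.
        /// </summary>
        /// <param name="encryptedString">Base64 ciphertext.</param>
        /// <returns>The decrypted text.</returns>
        /// <exception cref="FormatException">The input is not valid Base64.</exception>
        /// <exception cref="CryptographicException">The ciphertext does not decrypt cleanly.</exception>
        public static string Decrypt_Des(string encryptedString)
        {
            byte[] buffer = Convert.FromBase64String(encryptedString);

            using (DES des = DES.Create())
            using (ICryptoTransform decryptor = des.CreateDecryptor(KEY_64, IV_64))
            using (MemoryStream ms = new MemoryStream(buffer))
            using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
            using (StreamReader sr = new StreamReader(cs))
            {
                return sr.ReadToEnd();
            }
        }

        /// <summary>
        /// Decrypts hex text produced by <see cref="Encrypt_Des2"/>.
        /// </summary>
        /// <param name="encryptedString">Hex text, two digits per Base64 character.</param>
        /// <returns>The decrypted text.</returns>
        /// <exception cref="FormatException">The input is not valid hex or Base64.</exception>
        /// <exception cref="CryptographicException">The ciphertext does not decrypt cleanly.</exception>
        public static string Decrypt_Des2(string encryptedString)
        {
            // A trailing unpaired character is ignored, as before.
            byte[] base64Bytes = new byte[encryptedString.Length / 2];
            for (int i = 0; i < base64Bytes.Length; i++)
            {
                base64Bytes[i] = Convert.ToByte(encryptedString.Substring(i * 2, 2), 16);
            }

            return Decrypt_Des(Encoding.ASCII.GetString(base64Bytes));
        }
    }
}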

【后台下载类代码】

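  using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Woo.Utility;
using WooBase.Common;


namespace FilePathEncrypt
{
    /// <summary>
    /// Download page. Resolves the requested stored file (a ".wdata" file below the
    /// application folder) and sends it as an attachment under its original name.
    /// </summary>
    public partial class DownLoad : System.Web.UI.Page
    {
        // Suffix appended to every stored upload.
        private const string StoredSuffix = ".wdata";

        /// <summary>
        /// Reads the "cmd" parameter (encrypted path, e.g.
        /// AjaxPage/WooCommon/DownLoad.aspx?cmd=&lt;hex token&gt;) or, when it is absent,
        /// the "noEncryptCmd" parameter (path in clear), and sends the file.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            // PageUtility is declared elsewhere; presumably it returns the named
            // request value - confirm.
            var cmd = PageUtility.GetRequestString("cmd");
            if (!string.IsNullOrEmpty(cmd))
            {
                string relativePath;
                try
                {
                    relativePath = Security.Decrypt_Des2(cmd.Replace("\"", "").Trim()).ToLowerInvariant();
                }
                catch (FormatException)
                {
                    // Not valid hex/Base64: handled like a file that does not exist.
                    return;
                }
                catch (System.Security.Cryptography.CryptographicException)
                {
                    // Ciphertext does not decrypt: handled like a file that does not exist.
                    return;
                }

                SendStoredFile(relativePath);
            }
            else
            {
                // NOTE(review): this parameter takes the path in clear, which bypasses
                // the encrypted "cmd" token entirely. It is kept for existing links and
                // goes through the same checks as "cmd"; remove it if nothing uses it.
                var cmdtwo = PageUtility.GetRequestString("noEncryptCmd");
                if (!string.IsNullOrEmpty(cmdtwo))
                {
                    SendStoredFile(cmdtwo.Replace("\"", "").Trim());
                }
            }
        }

        /// <summary>
        /// Sends one stored file to the client. Nothing is sent unless the resolved
        /// path stays inside the application folder, ends in ".wdata" and exists.
        /// </summary>
        /// <param name="relativePath">Requested path, relative to the application folder.</param>
        private void SendStoredFile(string relativePath)
        {
            // The request value is untrusted, whether or not it arrived encrypted:
            // the DES key is a constant in Security, so a token proves nothing about
            // who produced it.
            // NOTE(review): no authorization check is visible in this page; add one if
            // stored files are not meant to be readable by every visitor.
            relativePath = relativePath.Replace("/", "\\").Replace("\"", "");

            string root = Path.GetFullPath(HttpContext.Current.Request.PhysicalApplicationPath);
            if (!root.EndsWith("\\", StringComparison.Ordinal))
            {
                root += "\\";
            }

            string fullPath;
            try
            {
                // Plain concatenation on purpose: Path.Combine would discard the root
                // when the second part is itself rooted. GetFullPath collapses ".."
                // segments so the containment test below sees the real target.
                fullPath = Path.GetFullPath(root + relativePath);
            }
            catch (ArgumentException)
            {
                return;
            }
            catch (NotSupportedException)
            {
                return;
            }
            catch (PathTooLongException)
            {
                return;
            }

            // NOTE(review): this confines downloads to the application folder. If all
            // uploads live in one folder (UploadFile in the upload page), narrow the
            // root to that folder.
            if (!fullPath.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // The previous code searched for ".wdata" anywhere in the path and threw
            // when it was missing; only a real ".wdata" file is served now.
            if (!fullPath.EndsWith(StoredSuffix, StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            if (!File.Exists(fullPath))
            {
                return;
            }

            // Name and extension the file had before ".wdata" was appended.
            string originalPath = fullPath.Substring(0, fullPath.Length - StoredSuffix.Length);
            string ext = Path.GetExtension(originalPath);
            string fname = Path.GetFileName(originalPath);

            HttpResponse response = HttpContext.Current.Response;
            response.Clear();
            response.Buffer = true;
            response.Charset = "UTF-8";
            response.AppendHeader("Content-Disposition", "attachment;filename=" + HttpUtility.UrlEncode(fname, System.Text.Encoding.GetEncoding("UTF-8")));
            response.ContentEncoding = System.Text.Encoding.GetEncoding("UTF-8");
            response.ContentType = GetContentType(ext);
            response.WriteFile(fullPath);
            response.Flush();

            // End() stops the request here. The Redirect that used to follow it was
            // never reached and pointed at a physical path, so it has been removed.
            response.End();
        }

        /// <summary>
        /// Maps a file extension to the Content-Type sent with the download.
        /// </summary>
        /// <param name="ext">Extension with or without the leading dot, any case.</param>
        /// <returns>The MIME type, or "application/octet-stream" when unknown.</returns>
        private string GetContentType(string ext)
        {
            // Invariant lower-casing keeps the lookup independent of the server culture.
            switch (ext.ToLowerInvariant().Trim('.'))
            {
                case "docx": return "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
                case "dotx": return "application/vnd.openxmlformats-officedocument.wordprocessingml.template";
                // pptx was mapped to the slideshow type, which belongs to ppsx.
                case "pptx": return "application/vnd.openxmlformats-officedocument.presentationml.presentation";
                case "ppsx": return "application/vnd.openxmlformats-officedocument.presentationml.slideshow";
                case "potx": return "application/vnd.openxmlformats-officedocument.presentationml.template";
                case "xlsx": return "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
                case "xltx": return "application/vnd.openxmlformats-officedocument.spreadsheetml.template";
                case "accdb":
                case "accde":
                case "accdt":
                    return "application/msaccess";
                case "mdb": return "application/x-msaccess";
                case "ez": return "application/andrew-inset";
                case "hqx": return "application/mac-binhex40";
                case "cpt": return "application/mac-compactpro";
                case "doc": return "application/msword";
                case "bin":
                case "dms":
                case "lha":
                case "lzh":
                case "exe":
                case "class":
                case "so":
                case "dll":
                    return "application/octet-stream";
                case "oda": return "application/oda";
                case "pdf": return "application/pdf";
                case "ai":
                case "eps":
                case "ps":
                    return "application/postscript";
                case "smi":
                case "smil":
                    return "application/smil";
                case "mif": return "application/vnd.mif";
                case "xls": return "application/vnd.ms-excel";
                case "ppt": return "application/vnd.ms-powerpoint";
                case "wbxml": return "application/vnd.wap.wbxml";
                case "wmlc": return "application/vnd.wap.wmlc";
                case "wmlsc": return "application/vnd.wap.wmlscriptc";
                case "bcpio": return "application/x-bcpio";
                case "vcd": return "application/x-cdlink";
                case "pgn": return "application/x-chess-pgn";
                case "cpio": return "application/x-cpio";
                case "csh": return "application/x-csh";
                case "dcr":
                case "dir":
                case "dxr":
                    return "application/x-director";
                case "dvi": return "application/x-dvi";
                case "spl": return "application/x-futuresplash";
                case "gtar": return "application/x-gtar";
                case "hdf": return "application/x-hdf";
                case "js": return "application/x-javascript";
                case "skp":
                case "skd":
                case "skt":
                case "skm":
                    return "application/x-koan";
                case "latex": return "application/x-latex";
                case "nc":
                case "cdf":
                    return "application/x-netcdf";
                case "sh": return "application/x-sh";
                case "shar": return "application/x-shar";
                case "swf": return "application/x-shockwave-flash";
                case "sit": return "application/x-stuffit";
                case "sv4cpio": return "application/x-sv4cpio";
                case "sv4crc": return "application/x-sv4crc";
                case "tar": return "application/x-tar";
                case "tcl": return "application/x-tcl";
                case "tex": return "application/x-tex";
                case "texinfo":
                case "texi":
                    return "application/x-texinfo";
                case "t":
                case "tr":
                case "roff":
                    return "application/x-troff";
                case "man": return "application/x-troff-man";
                case "me": return "application/x-troff-me";
                case "ms": return "application/x-troff-ms";
                case "ustar": return "application/x-ustar";
                case "src": return "application/x-wais-source";
                case "xhtml":
                case "xht":
                    return "application/xhtml+xml";
                case "zip": return "application/zip";
                case "au":
                case "snd":
                    return "audio/basic";
                case "mid":
                case "midi":
                case "kar":
                    return "audio/midi";
                case "mpga":
                case "mp2":
                case "mp3":
                    return "audio/mpeg";
                case "aif":
                case "aiff":
                case "aifc":
                    return "audio/x-aiff";
                case "m3u": return "audio/x-mpegurl";
                case "ram":
                case "rm":
                    return "audio/x-pn-realaudio";
                case "rpm": return "audio/x-pn-realaudio-plugin";
                case "ra": return "audio/x-realaudio";
                case "wav": return "audio/x-wav";
                case "pdb": return "chemical/x-pdb";
                case "xyz": return "chemical/x-xyz";
                case "bmp": return "image/bmp";
                case "gif": return "image/gif";
                case "ief": return "image/ief";
                case "jpeg":
                case "jpg":
                case "jpe":
                    return "image/jpeg";
                case "png": return "image/png";
                case "tiff":
                case "tif":
                    return "image/tiff";
                case "djvu":
                case "djv":
                    return "image/vnd.djvu";
                case "wbmp": return "image/vnd.wap.wbmp";
                case "ras": return "image/x-cmu-raster";
                case "pnm": return "image/x-portable-anymap";
                case "pbm": return "image/x-portable-bitmap";
                case "pgm": return "image/x-portable-graymap";
                case "ppm": return "image/x-portable-pixmap";
                case "rgb": return "image/x-rgb";
                case "xbm": return "image/x-xbitmap";
                case "xpm": return "image/x-xpixmap";
                case "xwd": return "image/x-xwindowdump";
                case "igs":
                case "iges":
                    return "model/iges";
                case "msh":
                case "mesh":
                case "silo":
                    return "model/mesh";
                case "wrl":
                case "vrml":
                    return "model/vrml";
                case "css": return "text/css";
                case "html":
                case "htm":
                    return "text/html";
                case "asc":
                case "txt":
                    return "text/plain";
                case "rtx": return "text/richtext";
                case "rtf": return "text/rtf";
                case "sgml":
                case "sgm":
                    return "text/sgml";
                case "tsv": return "text/tab-separated-values";
                case "wml": return "text/vnd.wap.wml";
                case "wmls": return "text/vnd.wap.wmlscript";
                case "etx": return "text/x-setext";
                case "xsl":
                case "xml":
                    return "text/xml";
                case "mpeg":
                case "mpg":
                case "mpe":
                    return "video/mpeg";
                case "qt":
                case "mov":
                    return "video/quicktime";
                case "mxu": return "video/vnd.mpegurl";
                case "avi": return "video/x-msvideo";
                case "movie": return "video/x-sgi-movie";
                case "ice": return "x-conference/x-cooltalk";
                default:
                    return "application/octet-stream";
            }
        }
    }
}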

 Demo下载:

 http://files.cnblogs.com/files/xinchun/pathEncrypt.zip