点滴积累【C#】---对上传文件的路径进行加密,以免将路径暴露在浏览器上,避免一些安全隐患!
效果:
描述:
本示例用于避免在上传或下载文件时将路径暴露在外。上传时将路径加密后保存到DataTable或数据库中,下载时再读取DataTable中的加密数据,解密后下载。注意:加密只能隐藏路径;下载页仍须校验解密后的路径是否位于上传目录内,并检查访问权限。
代码:
【前台代码】
1 <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="FileUpload.aspx.cs" Inherits="FilePathEncrypt.FileUpload" %> 2 3 <!DOCTYPE html> 4 5 <html xmlns="http://www.w3.org/1999/xhtml"> 6 <head runat="server"> 7 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 8 <title></title> 9 10 </head> 11 <body> 12 <%--<form id="form1" runat="server" name="formFile" method="post" action="/FileUpload.aspx" target="frameFile" enctype="multipart/form-data">--%> 13 <form id="form1" runat="server"> 14 <div> 15 <%--<input type="text" id="textID" name="txtName" />--%> 16 <%--<input type="file" id="fileUp" name="fileUp" />--%> <%--<input type="submit" value="确认上传" />--%> 17 <%--<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>--%> 18 <asp:FileUpload ID="FileUpload1" runat="server" /> <asp:Button ID="Button1" runat="server" Text="确认上传" OnClick="Button1_Click" /> 19 20 <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" Height="132px" Width="251px" CellPadding="4" ForeColor="#333333" GridLines="None"> 21 <AlternatingRowStyle BackColor="White" /> 22 <Columns> 23 <asp:BoundField DataField="ID" HeaderText="ID" /> 24 <asp:BoundField DataField="FileName" HeaderText="名称" /> 25 <asp:BoundField DataField="FileType" HeaderText="类型" /> 26 <asp:BoundField DataField="FilePath_Security" HeaderText="路径加密" /> 27 <asp:TemplateField HeaderText="下载"> 28 <ItemTemplate> 29 <asp:HyperLink ID="HyperLink1" NavigateUrl='<%# Eval("FilePath_Security") %>' runat="server">下载</asp:HyperLink> 30 </ItemTemplate> 31 </asp:TemplateField> 32 </Columns> 33 <EditRowStyle BackColor="#2461BF" /> 34 <FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" /> 35 <HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" /> 36 <PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" /> 37 <RowStyle BackColor="#EFF3FB" /> 38 <SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" /> 39 <SortedAscendingCellStyle 
BackColor="#F5F7FB" /> 40 <SortedAscendingHeaderStyle BackColor="#6D95E1" /> 41 <SortedDescendingCellStyle BackColor="#E9EBEF" /> 42 <SortedDescendingHeaderStyle BackColor="#4870BE" /> 43 </asp:GridView> 44 </div> 45 </form> 46 <iframe id="frameFile" name="frameFile" style="display: none;"></iframe> 47 </body> 48 </html>
【后台代码】
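using System;
using System.Collections.Generic;
using System.Data;
using System.IO;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using WooBase.Common;

namespace FilePathEncrypt
{
    /// <summary>
    /// Upload page: stores the posted file under the upload folder with a
    /// ".wdata" suffix and lists it in a grid with an encrypted download link.
    /// </summary>
    public partial class FileUpload : System.Web.UI.Page
    {
        // Folder (relative to this page) that receives uploads.
        private const string UploadFolder = "UploadFile";

        // Suffix appended to every stored file, so an upload is never stored
        // under its own extension (e.g. ".aspx") inside the web root.
        private const string StoredExtension = ".wdata";

        /// <summary>
        /// Binds the grid to the demo table on every request.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            GridView1.DataSource = NewTable();
            GridView1.DataBind();
        }

        /// <summary>
        /// Builds the demo DataTable (auto-increment ID, name, type, encrypted
        /// link) pre-filled with two sample rows.
        /// </summary>
        /// <returns>A new table named "SaveData".</returns>
        public DataTable NewTable()
        {
            DataTable table = new DataTable();
            table.TableName = "SaveData";

            DataColumn idColumn = new DataColumn("ID", typeof(Int32));
            idColumn.AutoIncrement = true;
            idColumn.AutoIncrementSeed = 1;
            idColumn.AutoIncrementStep = 1;
            table.Columns.Add(idColumn);
            table.Columns.Add("FileName", typeof(String));
            table.Columns.Add("FileType", typeof(String));
            table.Columns.Add("FilePath_Security", typeof(String));

            DataRow first = table.NewRow();
            first["FileName"] = "青苹果.jpg";
            first["FileType"] = ".jpg";
            first["FilePath_Security"] = "DownLoad.aspx?cmd=6A6B41446F6E395177457A70705541344D563657736B5351417447445441485A633348326E55347A2F5854656751764C4E4A546172773D3D";
            table.Rows.Add(first);

            DataRow second = table.NewRow();
            second["FileName"] = "青苹果.txt";
            second["FileType"] = ".txt";
            second["FilePath_Security"] = "DownLoad.aspx?cmd=6A6B41446F6E395177457A70705541344D563657736B5351417447445441485A633348326E55347A2F5854656751764C4E4A546172773D3D";
            table.Rows.Add(second);

            return table;
        }

        /// <summary>
        /// Saves the posted file and adds a row with its encrypted download link.
        /// </summary>
        /// <remarks>
        /// NOTE(review): nothing here restricts who may upload, or the size or
        /// type of the file; the request size is bounded only by whatever the
        /// application configures (httpRuntime maxRequestLength).
        /// </remarks>
        protected void Button1_Click(object sender, EventArgs e)
        {
            // HasFile also covers a missing PostedFile, which the previous
            // code dereferenced without a check.
            string name = FileUpload1.HasFile
                ? Path.GetFileName(FileUpload1.PostedFile.FileName)
                : string.Empty;

            if (string.IsNullOrEmpty(name))
            {
                Response.Write("<script>alert('请选择文件');</script>");
                return;
            }

            // Only the leaf name is used: some browsers send the full client
            // path, and directory parts must never reach the save path.
            string type = Path.GetExtension(name);
            string storedName = name + StoredExtension;

            string saveDirectory = Server.MapPath(UploadFolder);
            Directory.CreateDirectory(saveDirectory); // no-op when it already exists

            // NOTE(review): the stored name derives from the client's file name,
            // so two uploads with the same name overwrite each other; a
            // server-generated name would avoid that.
            FileUpload1.PostedFile.SaveAs(Path.Combine(saveDirectory, storedName));

            string securityPath = setPath(UploadFolder + "\\" + storedName);

            DataTable table = NewTable();
            DataRow row = table.NewRow();
            row["FileName"] = name;
            row["FileType"] = type;
            row["FilePath_Security"] = securityPath;
            table.Rows.Add(row);

            GridView1.DataSource = table;
            GridView1.DataBind();
        }

        /// <summary>
        /// Builds the download link for a stored file.
        /// </summary>
        /// <param name="path">Path of the stored file relative to the application root.</param>
        /// <returns>"DownLoad.aspx?cmd=" followed by the hex token from Security.Encrypt_Des2.</returns>
        /// <remarks>
        /// The previous version appended a stray double quote to the link and
        /// re-threw with "throw ex", which discards the original stack trace.
        /// The token only hides the path; the download page still has to
        /// validate what it decrypts.
        /// </remarks>
        public static string setPath(string path)
        {
            return "DownLoad.aspx?cmd=" + Security.Encrypt_Des2(path);
        }
    }
}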
【后台加密函数代码】
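using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

namespace WooBase.Common
{
    /// <summary>
    /// DES helpers used to turn a relative file path into an opaque token.
    /// </summary>
    /// <remarks>
    /// SECURITY (review): this is obfuscation, not access control.
    /// DES has a 56-bit effective key and is obsolete; the key and IV are
    /// compiled into the assembly; the IV is constant, so equal paths always
    /// yield equal tokens; and CBC without a MAC gives no integrity, so the
    /// consumer cannot tell a genuine token from a forged one. The algorithm
    /// and constants are kept only so that tokens already stored stay
    /// readable. For new data prefer a random identifier mapped to the path on
    /// the server, or authenticated protection with a key held in protected
    /// configuration (for example MachineKey.Protect in ASP.NET). Whoever
    /// decrypts a token must still validate the resulting path.
    /// </remarks>
    public class Security
    {
        // Fixed 64-bit DES key and IV shared by all four methods.
        private static readonly byte[] Key64 = { 42, 16, 93, 156, 78, 14, 218, 31 };
        private static readonly byte[] Iv64 = { 55, 103, 246, 79, 36, 23, 167, 0 };

        /// <summary>
        /// Encrypts <paramref name="cleanString"/> with DES and returns the
        /// ciphertext as Base64.
        /// </summary>
        /// <param name="cleanString">Plain text, written with StreamWriter's default encoding.</param>
        /// <returns>Base64 text of the ciphertext.</returns>
        public static string Encrypt_Des(string cleanString)
        {
            using (DESCryptoServiceProvider provider = new DESCryptoServiceProvider())
            using (ICryptoTransform encryptor = provider.CreateEncryptor(Key64, Iv64))
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
                using (StreamWriter sw = new StreamWriter(cs))
                {
                    sw.Write(cleanString);
                } // disposing the writer flushes the final cipher block

                // ToArray remains valid after the stream has been closed.
                return Convert.ToBase64String(ms.ToArray());
            }
        }

        /// <summary>
        /// Same as <see cref="Encrypt_Des"/>, with the Base64 text re-encoded as
        /// upper-case hexadecimal so it can be placed in a URL without escaping.
        /// </summary>
        /// <param name="cleanString">Plain text to encrypt.</param>
        /// <returns>Two hex digits per Base64 character.</returns>
        public static string Encrypt_Des2(string cleanString)
        {
            // Base64 text is pure ASCII, so the bytes do not depend on the
            // machine's default code page.
            byte[] ascii = Encoding.ASCII.GetBytes(Encrypt_Des(cleanString));

            StringBuilder hex = new StringBuilder(ascii.Length * 2);
            foreach (byte b in ascii)
            {
                // "X2" pads to two digits; plain "X" would emit one digit for
                // values below 0x10 and break the fixed-width decoding.
                hex.Append(b.ToString("X2"));
            }
            return hex.ToString();
        }

        /// <summary>
        /// Decrypts Base64 text produced by <see cref="Encrypt_Des"/>.
        /// </summary>
        /// <param name="encryptedString">Base64 ciphertext.</param>
        /// <returns>The plain text.</returns>
        /// <exception cref="FormatException">The input is not valid Base64.</exception>
        /// <exception cref="CryptographicException">The ciphertext cannot be decrypted.</exception>
        public static string Decrypt_Des(string encryptedString)
        {
            byte[] buffer = Convert.FromBase64String(encryptedString);

            using (DESCryptoServiceProvider provider = new DESCryptoServiceProvider())
            using (ICryptoTransform decryptor = provider.CreateDecryptor(Key64, Iv64))
            using (MemoryStream ms = new MemoryStream(buffer))
            using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
            using (StreamReader sr = new StreamReader(cs))
            {
                return sr.ReadToEnd();
            }
        }

        /// <summary>
        /// Decrypts a hexadecimal token produced by <see cref="Encrypt_Des2"/>.
        /// </summary>
        /// <param name="encryptedString">Hex token; an unpaired trailing character is ignored, as before.</param>
        /// <returns>The plain text.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="encryptedString"/> is null.</exception>
        /// <exception cref="FormatException">The token is not hex, or does not decode to Base64.</exception>
        /// <exception cref="CryptographicException">The ciphertext cannot be decrypted.</exception>
        /// <remarks>
        /// Tokens normally arrive from a request, so callers should treat every
        /// exception listed here as "invalid token" and should not echo the
        /// error text back to the client.
        /// </remarks>
        public static string Decrypt_Des2(string encryptedString)
        {
            if (encryptedString == null)
            {
                throw new ArgumentNullException("encryptedString");
            }

            int byteCount = encryptedString.Length / 2;
            byte[] ascii = new byte[byteCount];
            for (int i = 0; i < byteCount; i++)
            {
                ascii[i] = Convert.ToByte(encryptedString.Substring(i * 2, 2), 16);
            }

            return Decrypt_Des(Encoding.ASCII.GetString(ascii));
        }
    }
}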
【后台下载类代码】
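using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Woo.Utility;
using WooBase.Common;


namespace FilePathEncrypt
{
    /// <summary>
    /// Download page: resolves the requested ".wdata" file and streams it back
    /// under its original name as an attachment.
    /// </summary>
    /// <remarks>
    /// The path comes from the request (decrypted "cmd", or plain
    /// "noEncryptCmd"), so it is untrusted. It is canonicalised and accepted
    /// only when it stays inside the upload folder and ends in ".wdata".
    /// NOTE(review): no per-user authorisation is visible in this page; anyone
    /// who holds a link can fetch the file.
    /// </remarks>
    public partial class DownLoad : System.Web.UI.Page
    {
        // Folder, relative to the application root, that downloads are confined
        // to. It matches the folder the upload page writes into; extend this
        // to an explicit allow-list if other folders are legitimate.
        private const string UploadFolder = "UploadFile";

        // Suffix carried by every stored file.
        private const string StoredExtension = ".wdata";

        /// <summary>
        /// Decrypts and serves the requested file.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            // This page is visited to decrypt the token and download the file.
            // Example: AjaxPage/WooCommon/DownLoad.aspx?cmd=42544F4A692B5775664E4C45316E3437366B2F553761304E6A52644A32734E76697470494C726E4D766C4662795751322B6737375875504D73644331556F4A2F6C2F526C39423073365435492F33714D3755657536484868496B3275395A745059464C72776E705376666B4D7330504F5A30476F454C3061697541784B556471724B30777479577A382F453D

            string requestedPath;

            var cmd = PageUtility.GetRequestString("cmd");
            if (!string.IsNullOrEmpty(cmd))
            {
                // The decrypted path is no longer lower-cased: that changed the
                // file name offered to the client and is culture-sensitive.
                requestedPath = TryDecryptToken(cmd.Replace("\"", "").Trim());
            }
            else
            {
                // NOTE(review): "noEncryptCmd" takes the path in clear text and
                // so bypasses the token entirely. It is kept for compatibility
                // and goes through the same confinement as "cmd"; remove it
                // unless a caller still needs it.
                var cmdtwo = PageUtility.GetRequestString("noEncryptCmd");
                if (string.IsNullOrEmpty(cmdtwo))
                {
                    return; // neither parameter supplied: render the empty page as before
                }
                requestedPath = cmdtwo.Replace("\"", "").Trim();
            }

            string physicalPath = ResolveStoredFile(requestedPath);
            if (physicalPath == null)
            {
                // One answer for every failure (bad token, path outside the
                // upload folder, missing file) so the response does not reveal
                // which check failed.
                HttpContext.Current.Response.StatusCode = 404;
                return;
            }

            SendFile(physicalPath);
        }

        /// <summary>
        /// Decrypts a token, mapping every decoding failure to null.
        /// </summary>
        /// <param name="token">Hex token taken from the query string.</param>
        /// <returns>The decrypted relative path, or null when the token is malformed.</returns>
        private static string TryDecryptToken(string token)
        {
            try
            {
                return Security.Decrypt_Des2(token);
            }
            catch (FormatException)
            {
                return null; // not hex / not Base64
            }
            catch (CryptographicException)
            {
                return null; // wrong length or padding
            }
            catch (ArgumentException)
            {
                return null;
            }
        }

        /// <summary>
        /// Maps a request-supplied relative path to a physical file, or null
        /// when it must not be served.
        /// </summary>
        /// <param name="relativePath">Path relative to the application root; may be null.</param>
        /// <returns>Canonical physical path of an existing ".wdata" file inside the upload folder, or null.</returns>
        private static string ResolveStoredFile(string relativePath)
        {
            if (string.IsNullOrEmpty(relativePath))
            {
                return null;
            }

            string normalized = relativePath.Replace("/", "\\").Replace("\"", "");
            string appRoot = HttpContext.Current.Request.PhysicalApplicationPath;

            string candidate;
            string uploadRoot;
            try
            {
                // GetFullPath collapses "." and ".." segments, so the prefix
                // test below compares canonical paths.
                candidate = Path.GetFullPath(appRoot + normalized);
                uploadRoot = Path.GetFullPath(Path.Combine(appRoot, UploadFolder));
            }
            catch (ArgumentException)
            {
                return null;
            }
            catch (NotSupportedException)
            {
                return null;
            }
            catch (PathTooLongException)
            {
                return null;
            }

            // The trailing separator stops a sibling folder that merely shares
            // the prefix (e.g. "UploadFileOld") from matching.
            if (!uploadRoot.EndsWith("\\", StringComparison.Ordinal))
            {
                uploadRoot += "\\";
            }

            bool insideUploadRoot = candidate.StartsWith(uploadRoot, StringComparison.OrdinalIgnoreCase);
            bool hasStoredSuffix = candidate.EndsWith(StoredExtension, StringComparison.OrdinalIgnoreCase);
            if (!insideUploadRoot || !hasStoredSuffix || !File.Exists(candidate))
            {
                return null;
            }

            return candidate;
        }

        /// <summary>
        /// Streams a stored file to the client as an attachment and ends the response.
        /// </summary>
        /// <param name="physicalPath">Validated physical path ending in ".wdata".</param>
        private void SendFile(string physicalPath)
        {
            // Strip the storage suffix to recover the original name and extension.
            string originalPath = physicalPath.Substring(0, physicalPath.Length - StoredExtension.Length);
            string ext = System.IO.Path.GetExtension(originalPath);
            string fname = System.IO.Path.GetFileName(originalPath);

            HttpResponse response = HttpContext.Current.Response;
            response.Clear();
            response.Buffer = true;
            response.Charset = "UTF-8";
            response.AppendHeader("Content-Disposition", "attachment;filename=" + HttpUtility.UrlEncode(fname, System.Text.Encoding.GetEncoding("UTF-8")));
            // The content is user-supplied: stop browsers from guessing a
            // different, more dangerous type than the one declared.
            response.AppendHeader("X-Content-Type-Options", "nosniff");
            response.ContentEncoding = System.Text.Encoding.GetEncoding("UTF-8");
            response.ContentType = GetContentType(ext);
            response.WriteFile(physicalPath);
            response.Flush();
            // Response.End terminates the request. The Redirect that used to
            // follow it never ran, and would have put the physical path into a
            // Location header if it had.
            response.End();
        }

        /// <summary>
        /// Maps a file extension to the MIME type sent in Content-Type.
        /// </summary>
        /// <param name="ext">Extension with or without the leading dot, any case.</param>
        /// <returns>The MIME type, or "application/octet-stream" when the extension is unknown.</returns>
        private string GetContentType(string ext)
        {
            // Invariant lower-casing: culture-sensitive ToLower turns "GIF"
            // into "gıf" under a Turkish culture and the lookup would miss.
            switch (ext.ToLowerInvariant().Trim('.'))
            {
                case "docx": return "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
                case "dotx": return "application/vnd.openxmlformats-officedocument.wordprocessingml.template";
                // .pptx is "presentation"; "slideshow" is the type for .ppsx
                // (the table previously returned "slideshow" for .pptx).
                case "pptx": return "application/vnd.openxmlformats-officedocument.presentationml.presentation";
                case "ppsx": return "application/vnd.openxmlformats-officedocument.presentationml.slideshow";
                case "potx": return "application/vnd.openxmlformats-officedocument.presentationml.template";
                case "xlsx": return "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
                case "xltx": return "application/vnd.openxmlformats-officedocument.spreadsheetml.template";
                case "accdb":
                case "accde":
                case "accdt":
                    return "application/msaccess";
                case "mdb": return "application/x-msaccess";
                case "ez": return "application/andrew-inset";
                case "hqx": return "application/mac-binhex40";
                case "cpt": return "application/mac-compactpro";
                case "doc": return "application/msword";
                case "bin":
                case "dms":
                case "lha":
                case "lzh":
                case "exe":
                case "class":
                case "so":
                case "dll":
                    return "application/octet-stream";
                case "oda": return "application/oda";
                case "pdf": return "application/pdf";
                case "ai":
                case "eps":
                case "ps":
                    return "application/postscript";
                case "smi":
                case "smil":
                    return "application/smil";
                case "mif": return "application/vnd.mif";
                case "xls": return "application/vnd.ms-excel";
                case "ppt": return "application/vnd.ms-powerpoint";
                case "wbxml": return "application/vnd.wap.wbxml";
                case "wmlc": return "application/vnd.wap.wmlc";
                case "wmlsc": return "application/vnd.wap.wmlscriptc";
                case "bcpio": return "application/x-bcpio";
                case "vcd": return "application/x-cdlink";
                case "pgn": return "application/x-chess-pgn";
                case "cpio": return "application/x-cpio";
                case "csh": return "application/x-csh";
                case "dcr":
                case "dir":
                case "dxr":
                    return "application/x-director";
                case "dvi": return "application/x-dvi";
                case "spl": return "application/x-futuresplash";
                case "gtar": return "application/x-gtar";
                case "hdf": return "application/x-hdf";
                case "js": return "application/x-javascript";
                case "skp":
                case "skd":
                case "skt":
                case "skm":
                    return "application/x-koan";
                case "latex": return "application/x-latex";
                case "nc":
                case "cdf":
                    return "application/x-netcdf";
                case "sh": return "application/x-sh";
                case "shar": return "application/x-shar";
                case "swf": return "application/x-shockwave-flash";
                case "sit": return "application/x-stuffit";
                case "sv4cpio": return "application/x-sv4cpio";
                case "sv4crc": return "application/x-sv4crc";
                case "tar": return "application/x-tar";
                case "tcl": return "application/x-tcl";
                case "tex": return "application/x-tex";
                case "texinfo":
                case "texi":
                    return "application/x-texinfo";
                case "t":
                case "tr":
                case "roff":
                    return "application/x-troff";
                case "man": return "application/x-troff-man";
                case "me": return "application/x-troff-me";
                case "ms": return "application/x-troff-ms";
                case "ustar": return "application/x-ustar";
                case "src": return "application/x-wais-source";
                case "xhtml":
                case "xht":
                    return "application/xhtml+xml";
                case "zip": return "application/zip";
                case "au":
                case "snd":
                    return "audio/basic";
                case "mid":
                case "midi":
                case "kar":
                    return "audio/midi";
                case "mpga":
                case "mp2":
                case "mp3":
                    return "audio/mpeg";
                case "aif":
                case "aiff":
                case "aifc":
                    return "audio/x-aiff";
                case "m3u": return "audio/x-mpegurl";
                case "ram":
                case "rm":
                    return "audio/x-pn-realaudio";
                case "rpm": return "audio/x-pn-realaudio-plugin";
                case "ra": return "audio/x-realaudio";
                case "wav": return "audio/x-wav";
                case "pdb": return "chemical/x-pdb";
                case "xyz": return "chemical/x-xyz";
                case "bmp": return "image/bmp";
                case "gif": return "image/gif";
                case "ief": return "image/ief";
                case "jpeg":
                case "jpg":
                case "jpe":
                    return "image/jpeg";
                case "png": return "image/png";
                case "tiff":
                case "tif":
                    return "image/tiff";
                case "djvu":
                case "djv":
                    return "image/vnd.djvu";
                case "wbmp": return "image/vnd.wap.wbmp";
                case "ras": return "image/x-cmu-raster";
                case "pnm": return "image/x-portable-anymap";
                case "pbm": return "image/x-portable-bitmap";
                case "pgm": return "image/x-portable-graymap";
                case "ppm": return "image/x-portable-pixmap";
                case "rgb": return "image/x-rgb";
                case "xbm": return "image/x-xbitmap";
                case "xpm": return "image/x-xpixmap";
                case "xwd": return "image/x-xwindowdump";
                case "igs":
                case "iges":
                    return "model/iges";
                case "msh":
                case "mesh":
                case "silo":
                    return "model/mesh";
                case "wrl":
                case "vrml":
                    return "model/vrml";
                case "css": return "text/css";
                case "html":
                case "htm":
                    return "text/html";
                case "asc":
                case "txt":
                    return "text/plain";
                case "rtx": return "text/richtext";
                case "rtf": return "text/rtf";
                case "sgml":
                case "sgm":
                    return "text/sgml";
                case "tsv": return "text/tab-separated-values";
                case "wml": return "text/vnd.wap.wml";
                case "wmls": return "text/vnd.wap.wmlscript";
                case "etx": return "text/x-setext";
                case "xsl":
                case "xml":
                    return "text/xml";
                case "mpeg":
                case "mpg":
                case "mpe":
                    return "video/mpeg";
                case "qt":
                case "mov":
                    return "video/quicktime";
                case "mxu": return "video/vnd.mpegurl";
                case "avi": return "video/x-msvideo";
                case "movie": return "video/x-sgi-movie";
                case "ice": return "x-conference/x-cooltalk";
                default:
                    return "application/octet-stream";
            }
        }
    }
}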
Demo下载: