
点滴积累【C#】---对上传文件的路径进行加密,以免将路径暴露在浏览器上,避免一些安全隐患!

效果:

描述:

本示例用于在上传或下载文件时避免将路径暴露在外。上传时将路径加密后保存到DataTable或数据库中,下载时再读取DataTable中的加密数据,解密后下载。注意:示例中的DES密钥和IV是固定写在代码里的,因此这种做法只能隐藏路径,下载页仍需自行做访问控制和路径校验。

代码:

【前台代码】

 

 1 <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="FileUpload.aspx.cs" Inherits="FilePathEncrypt.FileUpload" %>
<%-- Upload page: FileUpload1 posts one file to Button1_Click in the code-behind, and GridView1 lists the stored files with their download links. --%>
 2 
 3 <!DOCTYPE html>
 4 
 5 <html xmlns="http://www.w3.org/1999/xhtml">
 6 <head runat="server">
 7     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 8     <title></title>
 9     
10 </head>
11 <body>
12     <%--<form id="form1" runat="server" name="formFile" method="post" action="/FileUpload.aspx" target="frameFile" enctype="multipart/form-data">--%>
13         <form id="form1" runat="server">
14         <div>
15             <%--<input type="text" id="textID" name="txtName" />--%>
16             <%--<input type="file" id="fileUp" name="fileUp" />--%>&nbsp;&nbsp;<%--<input type="submit" value="确认上传" />--%>
17             <%--<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>--%>
18             <asp:FileUpload ID="FileUpload1" runat="server" />&nbsp;&nbsp;<asp:Button ID="Button1" runat="server" Text="确认上传" OnClick="Button1_Click" />
19 
20             <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" Height="132px" Width="251px" CellPadding="4" ForeColor="#333333" GridLines="None">
21                 <AlternatingRowStyle BackColor="White" />
22             <Columns>
23                 <asp:BoundField DataField="ID" HeaderText="ID" />
                <%-- FileName and FileType are taken from the name the browser sent with the upload (see Button1_Click), so they are untrusted text. BoundField HTML-encodes its value unless HtmlEncode is turned off; leave that default in place. --%>
24                 <asp:BoundField  DataField="FileName" HeaderText="名称" />
25                 <asp:BoundField  DataField="FileType" HeaderText="类型" />
                <%-- This column prints the whole DownLoad.aspx?cmd=... value as text, so the token is visible to every user who can open this page. --%>
26                 <asp:BoundField  DataField="FilePath_Security" HeaderText="路径加密" />
27                 <asp:TemplateField HeaderText="下载">
28                     <ItemTemplate>
                        <%-- The link target is the stored FilePath_Security value. The code-behind's setPath() ends that value with a double quote, which DownLoad.aspx strips from cmd before decoding. --%>
29                         <asp:HyperLink ID="HyperLink1" NavigateUrl='<%# Eval("FilePath_Security") %>'  runat="server">下载</asp:HyperLink>
30                     </ItemTemplate>
31                 </asp:TemplateField>
32             </Columns>
33                 <EditRowStyle BackColor="#2461BF" />
34                 <FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
35                 <HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
36                 <PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" />
37                 <RowStyle BackColor="#EFF3FB" />
38                 <SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" />
39                 <SortedAscendingCellStyle BackColor="#F5F7FB" />
40                 <SortedAscendingHeaderStyle BackColor="#6D95E1" />
41                 <SortedDescendingCellStyle BackColor="#E9EBEF" />
42                 <SortedDescendingHeaderStyle BackColor="#4870BE" />
43         </asp:GridView>
44         </div>
45     </form>
    <%-- Hidden frame; on this page only the commented-out form above names it as a target. --%>
46     <iframe id="frameFile" name="frameFile" style="display: none;"></iframe>
47 </body>
48 </html>

 

【后台代码】

 

  1 using System;
  2 using System.Collections.Generic;
  3 using System.Data;
  4 using System.IO;
  5 using System.Linq;
  6 using System.Web;
  7 using System.Web.UI;
  8 using System.Web.UI.WebControls;
  9 using WooBase.Common;
 10 
 11 namespace FilePathEncrypt
 12 {
 13     public partial class FileUpload : System.Web.UI.Page
 14     {
 15         protected void Page_Load(object sender, EventArgs e)
 16         {
 17 
 18             DataTable dt = new DataTable();
 19             dt = NewTable();
 20 
 21             GridView1.DataSource = dt;
 22             GridView1.DataBind();
 23         }
 24 
 25         /// <summary>
 26         /// 构建DataTable
 27         /// </summary>
 28         /// <returns></returns>
 29         public DataTable NewTable()
 30         {
 31             DataTable dt = new DataTable();
 32             dt.TableName = "SaveData";
 33             DataColumn col = new DataColumn("ID", typeof(Int32));
 34             col.AutoIncrement = true;
 35             col.AutoIncrementSeed = 1;
 36             col.AutoIncrementStep = 1;
 37             dt.Columns.Add(col);
 38             dt.Columns.Add("FileName", typeof(String));
 39             dt.Columns.Add("FileType", typeof(String));
 40             dt.Columns.Add("FilePath_Security", typeof(String));
 41 
 42             DataRow dr = dt.NewRow();
 43             dr["FileName"] = "青苹果.jpg";
 44             dr["FileType"] = ".jpg";
 45             dr["FilePath_Security"] = "DownLoad.aspx?cmd=6A6B41446F6E395177457A70705541344D563657736B5351417447445441485A633348326E55347A2F5854656751764C4E4A546172773D3D";
 46             dt.Rows.Add(dr);
 47             DataRow dr1 = dt.NewRow();
 48             dr1["FileName"] = "青苹果.txt";
 49             dr1["FileType"] = ".txt";
 50             dr1["FilePath_Security"] = "DownLoad.aspx?cmd=6A6B41446F6E395177457A70705541344D563657736B5351417447445441485A633348326E55347A2F5854656751764C4E4A546172773D3D";
 51             dt.Rows.Add(dr1);
 52 
 53             return dt;
 54         }
 55 
 56         protected void Button1_Click(object sender, EventArgs e)
 57         {
 58             string FullName = FileUpload1.PostedFile.FileName;
 59             if (!string.IsNullOrEmpty(FullName))
 60             {
 61                 FileInfo fi = new FileInfo(FullName);
 62                 string name = fi.Name;//获取word名称
 63                 string type = fi.Extension;//获取word类型
 64                 string SavePath = Server.MapPath("UploadFile\\");//word保存到文件夹下
 65                 if (!Directory.Exists(SavePath))   //判断文件夹是否存在,如果不存在则创建
 66                 {
 67                     Directory.CreateDirectory(SavePath);
 68                 }
 69                 this.FileUpload1.PostedFile.SaveAs(SavePath + "\\" + name + ".wdata");//保存路径
 70                 string SecurityPath = setPath("UploadFile\\" + name + ".wdata");//加密
 71 
 72                 DataTable dt = new DataTable();
 73                 dt = NewTable();
 74                 if (name != "")
 75                 {
 76                     DataRow dr = dt.NewRow();
 77                     dr["FileName"] = name;
 78                     dr["FileType"] = type;
 79                     dr["FilePath_Security"] = SecurityPath;
 80                     dt.Rows.Add(dr);
 81                 }
 82                 GridView1.DataSource = dt;
 83                 GridView1.DataBind();
 84             }
 85             else
 86             {
 87                 Response.Write("<script>alert('请选择文件');</script>");
 88             }
 89         }
 90         /// <summary>
 91         /// 加密路径
 92         /// </summary>
 93         /// <param name="path"></param>
 94         /// <returns></returns>
 95         public static string setPath(string path)
 96         {
 97             string SetPath = "";
 98             try
 99             {
100                 SetPath = "DownLoad.aspx?cmd=" + Security.Encrypt_Des2(path) + "\"";
101                 return SetPath;
102             }
103             catch (Exception ex)
104             {
105                 throw ex;
106             }
107 
108         }
109     }
110 }

【后台加密函数代码】

 1 using System;
 2 using System.Collections.Generic;
 3 using System.Linq;
 4 using System.Text;
 5 using System.IO;
 6 using System.Text;
 7 using System.Security.Cryptography;
 8 
 9 namespace WooBase.Common
10 {
11     public class Security
12     {
13         //   DES     的加密方法   。   
14         //   私钥加密   /   对称算法   。   
15         public static string Encrypt_Des(string cleanString)
16         {
17             //.NET   框架提供的对称加密类需要一个密钥和一个新的   IV   来加密和解密数据。   
18             //每当使用默认的构造函数创建其中一个托管对称加密类的新实例时,就会自动创建新的密钥和   IV   
19             //DES   使用   64   位密钥、64   位块来加密和解密数据。每个数据块迭代   16   次以生成加密文本。   
20             //初始化向量(IV)   用来第一次对数据块进行加密   。   
21             byte[] KEY_64 = { 42, 16, 93, 156, 78, 14, 218, 31 }; //   指定的   Key   
22             byte[] IV_64 = { 55, 103, 246, 79, 36, 23, 167, 0 }; //   初始化向量(IV)   
23             DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
24             MemoryStream ms = new MemoryStream();
25             CryptoStream cs = new CryptoStream(ms, provider.CreateEncryptor(KEY_64, IV_64), CryptoStreamMode.Write);
26             StreamWriter sw = new StreamWriter(cs);
27             sw.Write(cleanString);
28             sw.Flush();
29             cs.FlushFinalBlock();
30             ms.Flush();
31             return Convert.ToBase64String(ms.GetBuffer(), 0, int.Parse((ms.Length.ToString())));
32         }
33 
34         public static string Encrypt_Des2(string cleanString)
35         {
36             string result = string.Empty;
37             byte[] KEY_64 = { 42, 16, 93, 156, 78, 14, 218, 31 }; //   指定的   Key   
38             byte[] IV_64 = { 55, 103, 246, 79, 36, 23, 167, 0 }; //   初始化向量(IV)   
39             DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
40             MemoryStream ms = new MemoryStream();
41             CryptoStream cs = new CryptoStream(ms, provider.CreateEncryptor(KEY_64, IV_64), CryptoStreamMode.Write);
42             StreamWriter sw = new StreamWriter(cs);
43             sw.Write(cleanString);
44             sw.Flush();
45             cs.FlushFinalBlock();
46             ms.Flush();
47             string tmpS = Convert.ToBase64String(ms.GetBuffer(), 0, int.Parse((ms.Length.ToString())));
48             byte[] bTemp = System.Text.Encoding.Default.GetBytes(tmpS);
49             for (int i = 0; i < bTemp.Length; i++)
50             {
51                 result += bTemp[i].ToString("X");
52             }
53             return result;
54         }
55 
56         //   DES     的解密方法   。   
57         //   私钥加密   /   对称算法   。   
58         public static string Decrypt_Des(string encryptedString)
59         {
60             byte[] KEY_64 = { 42, 16, 93, 156, 78, 14, 218, 31 };
61             byte[] IV_64 = { 55, 103, 246, 79, 36, 23, 167, 0 };
62             DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
63             byte[] buffer = Convert.FromBase64String(encryptedString);
64             MemoryStream ms = new MemoryStream(buffer);
65             CryptoStream cs = new CryptoStream(ms, provider.CreateDecryptor(KEY_64, IV_64), CryptoStreamMode.Read);
66             StreamReader sr = new StreamReader(cs);
67             return sr.ReadToEnd();
68 
69         }
70 
71         public static string Decrypt_Des2(string encryptedString)
72         {
73             byte[] b = new byte[encryptedString.Length / 2];
74             for (int i = 0; i < encryptedString.Length / 2; i++)
75             {
76                 string strTemp = encryptedString.Substring(i * 2, 2);
77                 b[i] = Convert.ToByte(strTemp, 16);
78             }
79             string str = System.Text.Encoding.Default.GetString(b);
80 
81             byte[] KEY_64 = { 42, 16, 93, 156, 78, 14, 218, 31 };
82             byte[] IV_64 = { 55, 103, 246, 79, 36, 23, 167, 0 };
83             DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
84             byte[] buffer = Convert.FromBase64String(str);
85             MemoryStream ms = new MemoryStream(buffer);
86             CryptoStream cs = new CryptoStream(ms, provider.CreateDecryptor(KEY_64, IV_64), CryptoStreamMode.Read);
87             StreamReader sr = new StreamReader(cs);
88             return sr.ReadToEnd();
89 
90         }
91     }
92 }

【后台下载类代码】

  1 using System;
  2 using System.Collections.Generic;
  3 using System.IO;
  4 using System.Linq;
  5 using System.Web;
  6 using System.Web.UI;
  7 using System.Web.UI.WebControls;
  8 using Woo.Utility;
  9 using WooBase.Common;
 10 
 11 
 12 namespace FilePathEncrypt
 13 {
 14     public partial class DownLoad : System.Web.UI.Page
 15     {
 16         protected void Page_Load(object sender, EventArgs e)
 17         {
 18             //访问此页进行解密下载 
 19             //例如:AjaxPage/WooCommon/DownLoad.aspx?cmd=42544F4A692B5775664E4C45316E3437366B2F553761304E6A52644A32734E76697470494C726E4D766C4662795751322B6737375875504D73644331556F4A2F6C2F526C39423073365435492F33714D3755657536484868496B3275395A745059464C72776E705376666B4D7330504F5A30476F454C3061697541784B556471724B30777479577A382F453D
 20 
 21             var cmd = PageUtility.GetRequestString("cmd");
 22             if (!string.IsNullOrEmpty(cmd))
 23             {
 24                 cmd = cmd.Replace("\"", "").Trim();
 25                 cmd = Security.Decrypt_Des2(cmd).ToLower();
 26                 cmd = cmd.Replace("/", "\\").Replace("\"", "");
 27                 string dir = HttpContext.Current.Request.PhysicalApplicationPath;
 28                 if (File.Exists(dir + cmd))
 29                 {
 30                     int finded = (dir + cmd).LastIndexOf(".wdata");
 31                     string FileName = (dir + cmd).Remove(finded);
 32 
 33                     string ext = System.IO.Path.GetExtension(FileName);
 34                     string fname = System.IO.Path.GetFileName(FileName);
 35 
 36 
 37                     HttpContext.Current.Response.Clear();
 38                     HttpContext.Current.Response.Buffer = true;
 39                     HttpContext.Current.Response.Charset = "UTF-8";
 40                     HttpContext.Current.Response.AppendHeader("Content-Disposition", "attachment;filename=" + HttpUtility.UrlEncode(fname, System.Text.Encoding.GetEncoding("UTF-8")));
 41                     HttpContext.Current.Response.ContentEncoding = System.Text.Encoding.GetEncoding("UTF-8");
 42                     HttpContext.Current.Response.ContentType = GetContentType(ext);
 43                     HttpContext.Current.Response.WriteFile(FileName + ".wdata");
 44                     HttpContext.Current.Response.Flush();
 45                     HttpContext.Current.Response.End();
 46 
 47 
 48                     HttpContext.Current.Response.Redirect(FileName + ".wdata");
 49                 }
 50             }
 51             else
 52             {
 53                 var cmdtwo = PageUtility.GetRequestString("noEncryptCmd");
 54                 if (!string.IsNullOrEmpty(cmdtwo))
 55                 {
 56                     cmdtwo = cmdtwo.Replace("\"", "").Trim();
 57                     cmdtwo = cmdtwo.Replace("/", "\\").Replace("\"", "");
 58                     string dir = HttpContext.Current.Request.PhysicalApplicationPath;
 59                     if (File.Exists(dir + cmdtwo))
 60                     {
 61                         int finded = (dir + cmdtwo).LastIndexOf(".wdata");
 62                         string FileName = (dir + cmdtwo).Remove(finded);
 63 
 64                         string ext = System.IO.Path.GetExtension(FileName);
 65                         string fname = System.IO.Path.GetFileName(FileName);
 66 
 67 
 68                         HttpContext.Current.Response.Clear();
 69                         HttpContext.Current.Response.Buffer = true;
 70                         HttpContext.Current.Response.Charset = "UTF-8";
 71                         HttpContext.Current.Response.AppendHeader("Content-Disposition", "attachment;filename=" + HttpUtility.UrlEncode(fname, System.Text.Encoding.GetEncoding("UTF-8")));
 72                         HttpContext.Current.Response.ContentEncoding = System.Text.Encoding.GetEncoding("UTF-8");
 73                         HttpContext.Current.Response.ContentType = GetContentType(ext);
 74                         HttpContext.Current.Response.WriteFile(FileName + ".wdata");
 75                         HttpContext.Current.Response.Flush();
 76                         HttpContext.Current.Response.End();
 77 
 78                         HttpContext.Current.Response.Redirect(FileName + ".wdata");
 79                     }
 80                 }
 81             }
 82         }
 83 
 84         private string GetContentType(string ext)
 85         {
 86             switch (ext.ToLower().Trim('.'))
 87             {
 88 
 89                 //"application/vnd.openxmlformats-officedocument.presentationml.presentation" (for . files)
 90                 //"" (for .ppsx files)
 91                 //"" (for . files)
 92                 //"" (for . files)
 93                 //"" (for . files)
 94 
 95                 case "docx": return "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
 96                 case "dotx": return "application/vnd.openxmlformats-officedocument.wordprocessingml.template";
 97                 case "pptx": return "application/vnd.openxmlformats-officedocument.presentationml.slideshow";
 98                 case "potx": return "application/vnd.openxmlformats-officedocument.presentationml.template";
 99                 case "xlsx": return "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
100                 case "xltx": return "application/vnd.openxmlformats-officedocument.spreadsheetml.template";
101                 case "accdb":
102                 case "accde":
103                 case "accdt":
104                     return "application/msaccess";
105                 case "mdb": return "application/x-msaccess";
106                 case "ez": return "application/andrew-inset";
107                 case "hqx": return "application/mac-binhex40";
108                 case "cpt": return "application/mac-compactpro";
109                 case "doc": return "application/msword";
110                 case "bin": return "application/octet-stream";
111                 case "dms": return "application/octet-stream";
112                 case "lha": return "application/octet-stream";
113                 case "lzh": return "application/octet-stream";
114                 case "exe": return "application/octet-stream";
115                 case "class": return "application/octet-stream";
116                 case "so": return "application/octet-stream";
117                 case "dll": return "application/octet-stream";
118                 case "oda": return "application/oda";
119                 case "pdf": return "application/pdf";
120                 case "ai": return "application/postscript";
121                 case "eps": return "application/postscript";
122                 case "ps": return "application/postscript";
123                 case "smi": return "application/smil";
124                 case "smil": return "application/smil";
125                 case "mif": return "application/vnd.mif";
126                 case "xls": return "application/vnd.ms-excel";
127                 case "ppt": return "application/vnd.ms-powerpoint";
128                 case "wbxml": return "application/vnd.wap.wbxml";
129                 case "wmlc": return "application/vnd.wap.wmlc";
130                 case "wmlsc": return "application/vnd.wap.wmlscriptc";
131                 case "bcpio": return "application/x-bcpio";
132                 case "vcd": return "application/x-cdlink";
133                 case "pgn": return "application/x-chess-pgn";
134                 case "cpio": return "application/x-cpio";
135                 case "csh": return "application/x-csh";
136                 case "dcr": return "application/x-director";
137                 case "dir": return "application/x-director";
138                 case "dxr": return "application/x-director";
139                 case "dvi": return "application/x-dvi";
140                 case "spl": return "application/x-futuresplash";
141                 case "gtar": return "application/x-gtar";
142                 case "hdf": return "application/x-hdf";
143                 case "js": return "application/x-javascript";
144                 case "skp": return "application/x-koan";
145                 case "skd": return "application/x-koan";
146                 case "skt": return "application/x-koan";
147                 case "skm": return "application/x-koan";
148                 case "latex": return "application/x-latex";
149                 case "nc": return "application/x-netcdf";
150                 case "cdf": return "application/x-netcdf";
151                 case "sh": return "application/x-sh";
152                 case "shar": return "application/x-shar";
153                 case "swf": return "application/x-shockwave-flash";
154                 case "sit": return "application/x-stuffit";
155                 case "sv4cpio": return "application/x-sv4cpio";
156                 case "sv4crc": return "application/x-sv4crc";
157                 case "tar": return "application/x-tar";
158                 case "tcl": return "application/x-tcl";
159                 case "tex": return "application/x-tex";
160                 case "texinfo": return "application/x-texinfo";
161                 case "texi": return "application/x-texinfo";
162                 case "t": return "application/x-troff";
163                 case "tr": return "application/x-troff";
164                 case "roff": return "application/x-troff";
165                 case "man": return "application/x-troff-man";
166                 case "me": return "application/x-troff-me";
167                 case "ms": return "application/x-troff-ms";
168                 case "ustar": return "application/x-ustar";
169                 case "src": return "application/x-wais-source";
170                 case "xhtml": return "application/xhtml+xml";
171                 case "xht": return "application/xhtml+xml";
172                 case "zip": return "application/zip";
173                 case "au": return "audio/basic";
174                 case "snd": return "audio/basic";
175                 case "mid": return "audio/midi";
176                 case "midi": return "audio/midi";
177                 case "kar": return "audio/midi";
178                 case "mpga": return "audio/mpeg";
179                 case "mp2": return "audio/mpeg";
180                 case "mp3": return "audio/mpeg";
181                 case "aif": return "audio/x-aiff";
182                 case "aiff": return "audio/x-aiff";
183                 case "aifc": return "audio/x-aiff";
184                 case "m3u": return "audio/x-mpegurl";
185                 case "ram": return "audio/x-pn-realaudio";
186                 case "rm": return "audio/x-pn-realaudio";
187                 case "rpm": return "audio/x-pn-realaudio-plugin";
188                 case "ra": return "audio/x-realaudio";
189                 case "wav": return "audio/x-wav";
190                 case "pdb": return "chemical/x-pdb";
191                 case "xyz": return "chemical/x-xyz";
192                 case "bmp": return "image/bmp";
193                 case "gif": return "image/gif";
194                 case "ief": return "image/ief";
195                 case "jpeg": return "image/jpeg";
196                 case "jpg": return "image/jpeg";
197                 case "jpe": return "image/jpeg";
198                 case "png": return "image/png";
199                 case "tiff": return "image/tiff";
200                 case "tif": return "image/tiff";
201                 case "djvu": return "image/vnd.djvu";
202                 case "djv": return "image/vnd.djvu";
203                 case "wbmp": return "image/vnd.wap.wbmp";
204                 case "ras": return "image/x-cmu-raster";
205                 case "pnm": return "image/x-portable-anymap";
206                 case "pbm": return "image/x-portable-bitmap";
207                 case "pgm": return "image/x-portable-graymap";
208                 case "ppm": return "image/x-portable-pixmap";
209                 case "rgb": return "image/x-rgb";
210                 case "xbm": return "image/x-xbitmap";
211                 case "xpm": return "image/x-xpixmap";
212                 case "xwd": return "image/x-xwindowdump";
213                 case "igs": return "model/iges";
214                 case "iges": return "model/iges";
215                 case "msh": return "model/mesh";
216                 case "mesh": return "model/mesh";
217                 case "silo": return "model/mesh";
218                 case "wrl": return "model/vrml";
219                 case "vrml": return "model/vrml";
220                 case "css": return "text/css";
221                 case "html": return "text/html";
222                 case "htm": return "text/html";
223                 case "asc": return "text/plain";
224                 case "txt": return "text/plain";
225                 case "rtx": return "text/richtext";
226                 case "rtf": return "text/rtf";
227                 case "sgml": return "text/sgml";
228                 case "sgm": return "text/sgml";
229                 case "tsv": return "text/tab-separated-values";
230                 case "wml": return "text/vnd.wap.wml";
231                 case "wmls": return "text/vnd.wap.wmlscript";
232                 case "etx": return "text/x-setext";
233                 case "xsl": return "text/xml";
234                 case "xml": return "text/xml";
235                 case "mpeg": return "video/mpeg";
236                 case "mpg": return "video/mpeg";
237                 case "mpe": return "video/mpeg";
238                 case "qt": return "video/quicktime";
239                 case "mov": return "video/quicktime";
240                 case "mxu": return "video/vnd.mpegurl";
241                 case "avi": return "video/x-msvideo";
242                 case "movie": return "video/x-sgi-movie";
243                 case "ice": return "x-conference/x-cooltalk";
244                 default:
245                     return "application/octet-stream";
246             }
247 
248         }
249     }
250 }

 Demo下载:

 https://files.cnblogs.com/files/xinchun/pathEncrypt.zip

posted @ 2015-04-06 23:48  青苹果