Analysis of file system operation risks of ASP. NET Virtual Hosts

The file system operation hidden danger of ASP. net vm is that before we write code, we need to know several main classes we need. These classes are all in the System. IO namespace. The System. IO namespace contains classes that allow synchronous and asynchronous read/write on data streams and files.

At the beginning of the application, we need to know the System information of the server. This requires the System. Environment class, which provides information about the current Environment and platform and methods for operating on them. We use System. the Environment class can get the current directory and system directory of the system, which allows us to quickly find several key directories. We can also get the username of the running process to help us understand ASP.. NET program, and further set user permissions to avoid this security problem.

The other classes that use the System. IO namespace are:

System. IO. Directory: provides classes for creating, moving, and enumerating static methods through directories and subdirectories

System. IO. File: provides a class for creating, copying, deleting, moving, and opening files.

System. IO. FileInfo: class that provides instance methods for creating, copying, deleting, moving, and opening files

System. IO. StreamReader: implements a TextReader to read characters from the byte stream with a specific encoding.

The specific usage of the attributes and methods of each class we use will be described in the program as code annotations.

The System. IO namespace is in mscorlib. dll provided by. net framework. You need to reference this Dll to this handler before using VS. Net programming.

All programs we write use the Codebehind method, that is, each aspx program has a corresponding aspx. in the cs program and aspx program, only Code related to page display is written, and all logic implementation code is placed in the corresponding aspx. in the cs file, the display and logic can be better separated. Since our purpose is not to discuss Codebehind technology, we will not discuss it more.

In this article, we will only introduce the usage of several main classes and their key methods. For details about the program, please refer to the included source code.

Program 1: listdrivers. aspx program that displays the current information of the server and the names of all logical drives

Main Method 1: We use the GetSysInf () method to obtain information about the current environment and platform of the server.

 
 

  
  
// Method for obtaining system information, which is in the listdrivers. aspx. cs File 
  
  
Public VoidGetSysInf (){
  
  
// Obtain the operating system type 
  
  
QDrives = Environment. OSVersion. ToString ();
  
  
// Obtain the system folder 
  
  
QSystemDir = Environment. SystemDirectory. ToString ();
  
  
/* Obtain the amount of physical memory mapped to the process context. With this memory ing, you can understand the amount of system physical memory required for ASP. NET programs to run,
  
  
This helps us better plan our entire application, because the physical memory volume is measured in bytes,
  
  
Therefore, we divide this value by 1024 to obtain the physical memory size in KB */ 
  
  
QMo = (Environment. WorkingSet/1024). ToString ();
  
  
// Obtain the fully qualified path of the current directory, that is, the directory from which the process is started. 
  
  
QCurDir = Environment. CurrentDirectory. ToString ();
  
  
// Obtain the network domain name of the host 
  
  
QDomName = Environment. UserDomainName. ToString ();
  
  
// Obtain the number of milliseconds after the system is started 
  
  
QTick = Environment. TickCount;
  
  
// Calculate the number of minutes after the system is started 
  
  
QTick/= 60000;
  
  
// Obtain the machine name 
  
  
QMachine = Environment. MachineName;
  
  
// Obtain the user name for running the current process 
  
  
QUser = Environment. UserName;
  
  
/* Retrieve the name of the logical drive in the format of "<drive letter >:\" on this computer and return a string array, which is the key to the next step */ 
  
  
AchDrives = Directory. GetLogicalDrives ();
  
  
// Obtain the dimension of the string array and determine the number of logical drives. 
  
  
NNumOfDrives = achDrives. Length;
  
  
}
 
 

The file system operation risks of ASP. NET virtual hosts do not need to be operated on in the system information. We simply use asp: Label to display them. The number of logical drives varies on different servers. Therefore, the name of the logical drive is stored in an indefinite array, and the name of the logical drive is also the basis for browsing directories and files, therefore, we use the data grid DataGrid to display and process it.

Code for displaying and processing the DataGrid of the logical drive name in the listdrivers. aspx file ):

 
 

  
  
<Asp: DataGrid id ="Drivers> Grid"Runat ="Server"AutoGenerateColumns ="False">
  
  
<Columns
  
  
<Asp: BoundColumn HeaderText ="ID"DataField ="ID"/>
  
  
<Asp: BoundColumn HeaderText ="Disk name"DataField ="Drivers"/>
  
  
<Asp: HyperLinkColumn
  
  
HeaderText ="Details"
  
  
DataNavigateUrlField ="Drivers"DataNavigateUrlFormatString ="Listdir. aspx? Dir = {0 }"
  
  
DataTextField ="Detail"
  
  
Target ="_ New"/>
  
  
</Columns>
  
  
</Asp: DataGrid>
 
 

The first two BoundColumn columns show the sequence number and the actual logical drive name. The third column must be noted, before entering the display directory and file of each logical drive, we need to pass the name of the selected logical drive to the file of the display directory. Therefore, a special hyperlink line HyperLinkColumn is required, we set DataNavigateUrlField to the URL field of the hyperlink to be bound to the HyperLinkColumn in the data source, where it is the name of the logical drive. Then, set DataNavigateUrlFormatString to the display format of the hyperlink URL in the HyperLinkColumn when the URL data is bound to a field in the data source, that is, the next level of processing page to be linked. Here it is listdir. aspx? Dir = {name of the logical drive you clicked on}

The information about the file system operation risks of ASP. NET virtual hosts is introduced here.

1. Analysis of Date and Time Processing in ASP. NET Programming
2. Analysis of the pop-up window alarm prompt for ASP. NET Programming
3. Meanings and benefits of ASP. NET stored procedure calls
4. Analysis of ASP. NET application Resource Access Security Model
5. Major security risks of ASP. NET Virtual Hosts