Some knowledge points of webresource. axd in Asp.net 2.0 for resource management

View the source file on the Web page built by Asp.net 2.0. We often see the following HTML text

This is the script generated by the new resource management method provided by Asp.net 2.0.

How to use the new Resource Management MethodYou can refer to the following blogs:

Use webresource provided by ASP. NET 2.0 to manage resources
Http://birdshome.cnblogs.com/archive/2004/12/19/79309.html

Bundling JS files in custom server control step by step
Http://www.cnblogs.com/jackielin/archive/2005/11/29/286570.html

Use Web Resources in ASP. NET 2.0
Http://support.microsoft.com/kb/910442

Implement webresource. axd in. NET 1.1
Http://www.cnblogs.com/yeahooh/archive/2007/07/27/833846.html

 

When using webresource to manage resources, we often receive exceptions similar to the following.:

System. Web. httpexception: The view status is invalid.
System. Security. cryptography. cryptographicexception: The filling is invalid and cannot be removed.

For example, this problem is raised in the following articles:

Annoying cryptographicexception on webresource. axd
Http://forums.asp.net/t/934913.aspx

ASP. NET's webresource. axd and machinekey badness
Http://blog.aproductofsociety.org /? P = 11

 

This is because the parameters of webresource. axd URL are time-sensitive. However, for search engine crawlers, they often access the expired addresses of these parameters, so the above exception occurs.

There is no better solution to this question. In the Microsoft forum, the following information is added to the robots.txt file:

User-Agent :*
Disallow:/*. axd $

However, this requires crawlers that follow the robots.txt specifications to obtain the latest robots.txt. There is no way for crawlers that do not follow the robots.txt specification.

 

My current idea is that webresource. axd is useless, because there are too many crawlers that do not comply with the robots.txt specifications. In this case, we need to analyze the resources in webresource. axd in those scenarios, that is, we need to analyze the format of webresource. axd.

 

URL format of webresource. axdYes:

Webresource. axd? D = encrypted identifier & t = timestamp value.
Where:

"D" indicates the request for web resources. (Encrypted identifier)
"T" is a timestamp pair to the Assembly, which helps in determining if a change request has been made to the resource.

 

T parameter does not make sense for us to analyze who uses it. Next we will analyze the D parameter.

 

The parsing code of the d parameter is as follows:

Script runat = "server"> Public static string pagedecryptstring (string input) {type = typeof (system. web. UI. page); object o = activator. createinstance (type); system. reflection. methodinfo MI = type. getmethod ("decryptstring", system. reflection. bindingflags. nonpublic | system. reflection. bindingflags. static, null, new type [] {typeof (string)}, null); object result = mi. invoke (O, new object [] {input}); return result. tostring ();} protected void btn_post_click (Object sender, eventargs e) {This. rochelle info.text = pagedecryptstring (httputility. urldecode (tb_webresourcedvalue.text);} SCRIPT> HTML xmlns = "http://www.w3.org/1999/xhtml"> body> Form ID = "form1" runat = "server"> Asp: textbox id = "tb_webresourcedvalue" runat = "server"/> Br/> Asp: Label id = "l_info" runat = "server"/> Br/> Asp: button id = "btn_post" runat = "server" text = "computing" onclick = "btn_post_click"/> form> body> HTML>

In the C:/Windows/Microsoft. NET/framework64/v2.0.50727/config/Web. config file, we can see that the webresource. axd file is configured and parsed using the following httphandle:

In the system. Web. Handlers. assemblyresourceloader class, you can use the reflector tool to view the following code:

 

void IHttpHandler.ProcessRequest(HttpContext context){// ...string str = context.Request.QueryString["d"];// ....string str2 = Page.DecryptString(str);// ...}

Obviously, the D parameter should be parsed through the page. decryptstring function.

In the page. decryptstring function, the default encryption key configured in Web configuration is called. For simplicity, the parsing method here is implemented on the Asp.net page. Since the page. decryptstring function is internal static, the code above uses reflection to call this function and obtain the expected value.

(To ensure that the decryption key of the decryption algorithm is consistent, the simplest way is to put the above decryption ASPX page on the same server as the one to be parsed)

The above qfrkdnww93t08kaf3ioskq2 decryption result is: S | webforms. js vertical bars are only used to separate different values in strings. "S" indicates that the data is a script, and "webforms. js" indicates the name of the resource to be retrieved. Webforms. js resources can be retrieved from system. Web. dll.

Similarly, the above 9ivku5ss0wd5al1syg8zjl8xxbp97lbenhery4altjk1 decryption result is: S | webuivalidation. js

Obviously, if such a webresource. axd call occurs, it is necessary to verify that the control is being called.

We want

If it does not appear, you need to disable the verification control that calls webforms. js and webuivalidation. js scripts.

 

References:

Globalization ready: traveling around the globe with ASP. NET Ajax applications -- msdn magazine, January 2008
Http://msdn.microsoft.com/msdnmag/issues/08/01/InternationalizingASPNETAJAX/default.aspx? Loc = ZH

Research on script resources in ASP. NET 2.0 (1)
Http://www.cnblogs.com/Truly/archive/2007/07/07/809576.html

Research on script resources in ASP. NET 2.0 (2)
Http://www.cnblogs.com/Truly/archive/2007/07/10/812707.html