The practical technique of urlrewrite anti-theft chain function in asp.net

Last Update:2017-01-19 Source: Internet

Author: User

Tags cdata rar

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

The fastest way to implement Urlrewrite in asp.net this article says how to do urlrewrite, that's just one of the simplest applications

In fact, the use of Urlrewrite and IIS settings we can achieve a simple and effective anti-theft chain function.

Let's say your site has a file: Web.rar, you want to have some specific domain name of the source address or have logged in to access the user, then have to use anti-theft chain function, in the ASP era, we need to use third-party components to achieve this effect, but in asp.net we can directly use Context.rewri Tepath to realize it.

Download configuration file:

Copy Code code as follows:

<?xml version= "1.0" encoding= "Utf-8"?>
<DownLoad>
<CheckType>1</CheckType>
<CookiesName>username</CookiesName>
<UrlPattern>
<! [cdata[//(. +?) /.rar/b]]>
</UrlPattern>
<UrlReplace>
<! [cdata[default.aspx?d=$1.rar]]>
</UrlReplace>
<AllowHost>
<! [cdata[127.0.0.1]]>
</AllowHost>
</DownLoad>

Description

Checktype: Type of Authentication required (1: Only verify valid domain name, 2: Verify only cookies,3: Verify domain Name and cookies at the same time)
Cookiesname: The name of the cookie to be verified may be null.
Urlpattern: The URL format of the request.
Urlreplace: The URL format to turn when the download is invalid.
Allowhost: The allowed source domain name.

Configuration in global.aspx:

Copy Code code as follows:

void Application_BeginRequest (object sender, EventArgs e)
{
BOOL Isallowdomain = false;
BOOL IsLogin = false;
String cookiesname = "UserName", Allowhost, referrerhost= "";
int checktype = 1;
BOOL Allowdown = false;
String[] Allowhostarr;
String Urlpattern = "", Urlreplace = "";
String[] pattern, replace;
String configfile = configurationmanager.appsettings["Downloadconfig"];
if (configfile!= "")
{
Try
{
System.Xml.XmlDataDocument xdconfig = new System.Xml.XmlDataDocument ();
Xdconfig.load (AppDomain.CurrentDomain.BaseDirectory + @ "/" + configfile);
if (Xdconfig.selectsinglenode ("Download/checktype"). InnerText!= "")
{
Checktype = Int. Parse (Xdconfig.selectsinglenode ("Download/checktype"). InnerText);
}
if (Xdconfig.selectsinglenode ("Download/cookiesname"). InnerText!= "")
{
Cookiesname = Xdconfig.selectsinglenode ("Download/cookiesname"). InnerText;
}
Allowhost = Xdconfig.selectsinglenode ("Download/allowhost"). InnerText;
Allowhostarr = Allowhost.split (' | ');
Urlpattern = Xdconfig.selectsinglenode ("Download/urlpattern"). InnerText;
Urlreplace = Xdconfig.selectsinglenode ("Download/urlreplace"). InnerText;
Pattern = Urlpattern.split (' @ ');
Replace = Urlreplace.split (' @ ');
if (Cookiesname = = "") Cookiesname = "UserName";
IsLogin = False. Equals (Request.cookies[cookiesname] = = NULL | | Request.cookies[cookiesname]. Value = = "");
if (request.urlreferrer!= null) Referrerhost = Request.UrlReferrer.Host.ToString ();
if (Allowhostarr.length < 1)
{
Isallowdomain = true;
}
Else
{
for (int hosti = 0; Hosti < allowhostarr.length-1; hosti++)
{
if (Allowhostarr[hosti). ToLower () = = Referrerhost.tolower ())
{
Isallowdomain = true;
Break
}
}
}
Switch (checktype)
{
Case 1:
Allowdown = True. Equals (Isallowdomain);
Break
Case 2:
Allowdown = IsLogin;
Break
Case 3:
Allowdown = True. Equals (Isallowdomain && islogin);
Break
}
if (Allowdown = = False)
{
string oldurl = HttpContext.Current.Request.RawUrl;
string newurl = Oldurl;
for (int iii. = 0; III < pattern. Length; iii++)
{
if (Regex.IsMatch (Oldurl, PATTERN[III), Regexoptions.ignorecase | regexoptions.compiled))
{
Newurl = Regex.Replace (Oldurl, PATTERN[III), REPLACE[III], regexoptions.compiled | Regexoptions.ignorecase);
Oldurl = Newurl;
}
}
This. Context.rewritepath (Newurl);
}
}
Catch
{
}
}
}

Configuration in Web.config:

Copy Code code as follows:

Configuration in IIS:

Executable file: C:/windows/microsoft.net/framework/v2.0.50727/aspnet_isapi.dll (as the actual situation changes, as in. aspx)

Remember to take that: check to see if the file exists before the tick is removed.

You can add this to any file you want to have a security chain, in fact, there is a "wildcard application mapping" in the 2003Server version of IIS6:

Add this is tantamount to all the requests to the. NET, so that the implementation of the anti-theft chain, even if it is the Thunderbolt or what other download tools are still not, under the filename is that but the content is completely not, hey ...

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More