A more comprehensive ASP.NET submission verification scheme

Source: Internet
Author: User
The following extends the "CommitValidation" class with additional functionality. This is easy to implement with either the .NET "partial class" or "extension method" technique; the "partial class" technique is used here:

Reference the namespace of the generated ADO.NET Entity Framework data model, and declare the class as a partial class.
Write a static constructor and a static property:

static CommitValidation()
{
    ExpirationOffset = 3;
}

/// <summary>
/// Used to calculate the expiration time, in minutes
/// </summary>
public static double ExpirationOffset
{
    get
    {
        return _expirationOffset;
    }
    set
    {
        _expirationOffset = value;
    }
}
private static double _expirationOffset;

Next, write a method for adding validation information:

/// <summary>
/// Adds new validation information. Assign a value to some variable in the session before calling this; otherwise the SessionID changes at random and validation cannot pass
/// </summary>
/// <param name="verificationCode">Verification code to be saved</param>
/// <returns>Validation information ID</returns>
public static Guid Add(string verificationCode)
{
    // HttpContext needs "using System.Web;" at the top of the file
    var a = new CommitValidation
    {
        ID = Guid.NewGuid(),
        SessionId = HttpContext.Current.Session.SessionID,
        Committed = false,
        VerificationCode = verificationCode,
        Expiration = DateTime.Now.AddMinutes(ExpirationOffset)
    };
    using (CommonDbEntities c = new CommonDbEntities())
    {
        c.AddToCommitValidation(a);
        c.SaveChanges();
    }
    return a.ID;
}

This method returns the GUID of the added validation information. Note that a value must have been assigned to the session before this method is executed; otherwise the SessionID changes at random, which leads the later validation function to conclude that the client was hijacked.
The method for fetching validation information:

/// <summary>
/// Fetches validation information by ID
/// </summary>
/// <param name="id">Validation information ID</param>
/// <returns>Validation information</returns>
public static CommitValidation Fetch(Guid id)
{
    try
    {
        CommitValidation a;
        using (CommonDbEntities c = new CommonDbEntities())
        {
            // First() needs "using System.Linq;" and throws when no record matches
            a = c.CommitValidation.First(f => f.ID == id);
        }
        return a;
    }
    catch { return null; }
}

The method for validating the information the user submits:

/// <summary>
/// Verifies that the verification code entered by the user is correct
/// </summary>
/// <param name="id">Validation information ID</param>
/// <param name="verificationCode">Verification code entered by the user</param>
/// <returns>An error message, or null if the validation succeeds</returns>
public static string Validate(Guid id, string verificationCode)
{
    var info = CommitValidation.Fetch(id);
    if (info == null) return "Authentication information is invalid or expired";
    else if (info.Expiration < DateTime.Now) return "Verify information has expired";
    else if (info.Committed) return "information has been submitted";
    else if (info.SessionId.Trim() != HttpContext.Current.Session.SessionID) return "Verify information is illegally hijacked";
    else if (info.VerificationCode.Trim().ToLower() != verificationCode.ToLower()) return "validation code error";
    else return null;
}

The methods for marking information as submitted and for cleaning up timed-out information:

/// <summary>
/// Sets the validation information with the specified ID to committed
/// </summary>
/// <param name="id">Validation information ID</param>
public static void SetCommitted(Guid id)
{
    using (CommonDbEntities c = new CommonDbEntities())
    {
        var a = c.CommitValidation.First(f => f.ID == id);
        a.Committed = true;
        c.SaveChanges();
    }
    Cleanup(false);
}

/// <summary>
/// Cleans up stale old data in the database
/// </summary>
/// <param name="cleanCommitted">Whether to also clean up committed data; if false, only expired data is cleaned up</param>
/// <returns>The total number of records affected</returns>
public static int Cleanup(bool cleanCommitted)
{
    int x = 0;
    using (CommonDbEntities c = new CommonDbEntities())
    {
        var a = c.CommitValidation.Where(f => f.Expiration < DateTime.Now || (cleanCommitted ? f.Committed : false));
        foreach (CommitValidation f in a)
        {
            c.DeleteObject(f);
        }
        x = c.SaveChanges();
    }
    return x;
}

Timed-out information is cleaned up, as a convenience, inside the method that sets a record to committed.
At this point, the validation class is complete.
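The validation method and the set-to-committed method above run as two separate steps, so two concurrent posts carrying the same ID can both pass the "submitted" check before either one sets the flag. The following added example (not part of the original article) closes that gap with a single conditional UPDATE. The method name ValidateAndCommit, the identifier spellings, the table and column names, the shared namespace, and the availability of ObjectContext.ExecuteStoreCommand (Entity Framework 4 or later) are assumptions.

```csharp
using System;
using System.Web;

// Added example, not the article's code. Assumes the partial class above is
// named CommitValidation with a static Validate(Guid, string) method, that the
// table and columns carry the same names as the entity, and EF 4 or later.
public partial class CommitValidation
{
    /// <summary>
    /// Validates the code and marks the record committed in one atomic step,
    /// so the same ID can be accepted at most once.
    /// </summary>
    /// <returns>An error message, or null if this call consumed the record</returns>
    public static string ValidateAndCommit(Guid id, string verificationCode)
    {
        // Reuse the existing checks for their specific error messages.
        string error = Validate(id, verificationCode ?? string.Empty);
        if (error != null) return error;

        using (CommonDbEntities c = new CommonDbEntities())
        {
            // {0}..{2} are sent as parameters, not concatenated into the SQL.
            // The WHERE clause repeats the checks, so only one of several
            // concurrent requests gets rows == 1.
            int rows = c.ExecuteStoreCommand(
                "UPDATE CommitValidation SET Committed = 1 " +
                "WHERE ID = {0} AND Committed = 0 " +
                "AND Expiration >= {1} AND SessionId = {2}",
                id, DateTime.Now, HttpContext.Current.Session.SessionID);
            return rows == 1 ? null : "information has been submitted";
        }
    }
}
```

A caller uses this in place of the separate validate and set-to-committed calls and treats any non-null result as a rejected submission.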
Next, let's look at how to use it. First create a page like this:



As mentioned earlier, the validation information ID is sent to the client in plaintext and is saved in a HiddenField control.
A CustomValidator is used to display error prompts.
The following is the code for the page's Load event:



Notice that a session variable is set before calling the function that adds the validation information, to ensure that the SessionID does not change again.
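The page logic described above, as an added example that is not part of the original article: the Load event sets a session variable before adding the validation information, and the submit handler checks the posted ID and code. It goes one step beyond the text by retiring a code after every attempt, right or wrong. The page class, control names, NewCode helper and identifier spellings (CommitValidation.Add/Fetch/Validate/SetCommitted, SessionId) are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example, not the article's code; SubmitPage, the controls and NewCode are hypothetical.
public partial class SubmitPage : Page
{
    protected HiddenField ValidationId;
    protected TextBox CodeInput;
    protected CustomValidator CodeError;

    protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) IssueChallenge(); }

    private void IssueChallenge()
    {
        // Store something in the session first so the SessionID stops changing.
        Session["ChallengeIssued"] = true;
        ValidationId.Value = CommitValidation.Add(NewCode(5)).ToString();
    }

    protected void Submit_Click(object sender, EventArgs e)
    {
        Guid id;  // the hidden field is client-controlled, so parse defensively
        string error = Guid.TryParse(ValidationId.Value, out id)
            ? CommitValidation.Validate(id, CodeInput.Text.Trim())
            : "Authentication information is invalid or expired";
        // One attempt per code: retire this session's record whatever the result.
        CommitValidation record = CommitValidation.Fetch(id);
        if (record != null && record.SessionId.Trim() == Session.SessionID)
            CommitValidation.SetCommitted(id);
        if (error != null)
        {
            CodeError.IsValid = false;
            CodeError.ErrorMessage = error;
            IssueChallenge();  // new GUID and code for the next attempt
            return;
        }
        // ... process the accepted submission here ...
    }

    private static string NewCode(int length)
    {
        const string alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // 32 symbols
        var bytes = new byte[length];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
        return new string(Array.ConvertAll(bytes, b => alphabet[b % alphabet.Length]));
    }
}
```

Because the alphabet has 32 symbols, `b % alphabet.Length` maps the 256 byte values evenly, so no character is more likely than another.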
Code for generating verification images can be found everywhere, so it is not repeated here; simply get the GUID from the URL parameter "ID", fetch the corresponding verification code, and start generating the image.

