点滴积累【C#】---对上传文件的路径进行加密,以免将路径暴露在浏览器上,避免一些安全隐患!

8/3/2015来源:C#应用人气:1473

点滴积累【C#】---对上传文件的路径进行加密,以免将路径暴露在浏览器上,避免一些安全隐患!

效果:

描述:

本事例是为解决在上传或下载文件时避免将路径暴露在外。在上传时将路径进行加密保存到DataTable或数据库中,在下载是再读取DataTable中加密数据进行解密下载。

代码:

【前台代码】

 1 <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="FileUpload.aspx.cs" Inherits="FilePathEncrypt.FileUpload" %> 2  3 <!DOCTYPE html> 4  5 <html xmlns="http://www.w3.org/1999/xhtml"> 6 <head runat="server"> 7     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 8     <title></title> 9     10 </head>11 <body>12     <%--<form id="form1" runat="server" name="formFile" method="post" action="/FileUpload.aspx" target="frameFile" enctype="multipart/form-data">--%>13         <form id="form1" runat="server">14         <div>15             <%--<input type="text" id="textID" name="txtName" />--%>16             <%--<input type="file" id="fileUp" name="fileUp" />--%>&nbsp;&nbsp;<%--<input type="submit" value="确认上传" />--%>17             <%--<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>--%>18             <asp:FileUpload ID="FileUpload1" runat="server" />&nbsp;&nbsp;<asp:Button ID="Button1" runat="server" Text="确认上传" OnClick="Button1_Click" />19 20             <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" Height="132px" Width="251px" CellPadding="4" ForeColor="#333333" GridLines="None">21                 <AlternatingRowStyle BackColor="White" />22             <Columns>23                 <asp:BoundField DataField="ID" HeaderText="ID" />24                 <asp:BoundField  DataField="FileName" HeaderText="名称" />25                 <asp:BoundField  DataField="FileType" HeaderText="类型" />26                 <asp:BoundField  DataField="FilePath_Security" HeaderText="路径加密" />27                 <asp:TemplateField HeaderText="下载">28                     <ItemTemplate>29                         <asp:HyperLink ID="HyperLink1" NavigateUrl='<%# Eval("FilePath_Security") %>'  runat="server">下载</asp:HyperLink>30                     </ItemTemplate>31                 </asp:TemplateField>32             </Columns>33                 <EditRowStyle BackColor="#2461BF" />34                 <FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />35                 <HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />36                 <PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" />37                 <RowStyle BackColor="#EFF3FB" />38                 <SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" />39                 <SortedAscendingCellStyle BackColor="#F5F7FB" />40                 <SortedAscendingHeaderStyle BackColor="#6D95E1" />41                 <SortedDescendingCellStyle BackColor="#E9EBEF" />42                 <SortedDescendingHeaderStyle BackColor="#4870BE" />43         </asp:GridView>44         </div>45     </form>46     <iframe id="frameFile" name="frameFile" style="display: none;"></iframe>47 </body>48 </html>

【后台代码】

  1 using System;  2 using System.Collections.Generic;  3 using System.Data;  4 using System.IO;  5 using System.Linq;  6 using System.Web;  7 using System.Web.UI;  8 using System.Web.UI.WebControls;  9 using WooBase.Common; 10  11 namespace FilePathEncrypt 12 { 13     public partial class FileUpload : System.Web.UI.Page 14     { 15         PRotected void Page_Load(object sender, EventArgs e) 16         { 17  18             DataTable dt = new DataTable(); 19             dt = NewTable(); 20  21             GridView1.DataSource = dt; 22             GridView1.DataBind(); 23         } 24  25         /// <summary> 26         /// 构建DataTable 27         /// </summary> 28         /// <returns></returns> 29         public DataTable NewTable() 30         { 31             DataTable dt = new DataTable(); 32             dt.TableName = "SaveData"; 33             DataColumn col = new DataColumn("ID", typeof(Int32)); 34             col.AutoIncrement = true; 35             col.AutoIncrementSeed = 1; 36             col.AutoIncrementStep = 1; 37             dt.Columns.Add(col); 38             dt.Columns.Add("FileName", typeof(String)); 39             dt.Columns.Add("FileType", typeof(String)); 40             dt.Columns.Add("FilePath_Security", typeof(String)); 41  42             DataRow dr = dt.NewRow(); 43             dr["FileName"] = "青苹果.jpg"; 44             dr["FileType"] = ".jpg"; 45             dr["FilePath_Security"] = "DownLoad.aspx?cmd=6A6B41446F6E395177457A70705541344D563657736B5351417447445441485A633348326E55347A2F5854656751764C4E4A546172773D3D"; 46             dt.Rows.Add(dr); 47             DataRow dr1 = dt.NewRow(); 48             dr1["FileName"] = "青苹果.txt"; 49             dr1["FileType"] = ".txt"; 50             dr1["FilePath_Security"] = "DownLoad.aspx?cmd=6A6B41446F6E395177457A70705541344D563657736B5351417447445441485A633348326E55347A2F5854656751764C4E4A546172773D3D"; 51             dt.Rows.Add(dr1); 52  53             return dt; 54         } 55  56         protected void Button1_Click(object sender, EventArgs e) 57         { 58             string FullName = FileUpload1.PostedFile.FileName; 59             if (!string.IsNullOrEmpty(FullName)) 60             { 61                 FileInfo fi = new FileInfo(FullName); 62                 string name = fi.Name;//获取Word名称 63                 string type = fi.Extension;//获取word类型 64                 string SavePath = Server.MapPath("UploadFile\\");//word保存到文件夹下 65                 if (!Directory.Exists(SavePath))   //判断文件夹是否存在,如果不存在则创建 66                 { 67                     Directory.CreateDirectory(SavePath); 68                 } 69                 this.FileUpload1.PostedFile.SaveAs(SavePath + "\\" + name + ".wdata");//保存路径 70                 string SecurityPath = setPath("UploadFile\\" + name + ".wdata");//加密 71  72                 DataTable dt = new DataTable(); 73                 dt = NewTable(); 74                 if (name != "") 75                 { 76                     DataRow dr = dt.NewRow(); 77                     dr["FileName"] = name; 78                     dr["FileType"] = type; 79                     dr["FilePath_Security"] = SecurityPath; 80                     dt.Rows.Add(dr); 81                 } 82                 GridView1.DataSource = dt; 83                 GridView1.DataBind(); 84             } 85             else 86             { 87                 Response.Write("<script>alert('请选择文件');</script>"); 88             } 89         } 90         /// <summary> 91         /// 加密路径 92         /// </summary> 93         /// <param name="path"></param> 94         /// <returns></returns> 95         public static string setPath(string path) 96         { 97             string SetPath = ""; 98             try 99             {100                 SetPath = "DownLoad.aspx?cmd=" + Security.Encrypt_Des2(path) + "\"";101                 return SetPath;102             }103             catch (Exception ex)104             {105                 throw ex;106             }107 108         }109     }110 }

【后台加密函数代码】

 1 using System; 2 using System.Collections.Generic; 3 using System.Linq; 4 using System.Text; 5 using System.IO; 6 using System.Text; 7 using System.Security.Cryptography; 8  9 namespace WooBase.Common10 {11     public class Security12     {13         //   DES     的加密方法   。   14         //   私钥加密   /   对称算法   。   15         public static string Encrypt_Des(string cleanString)16         {17             //.NET   框架提供的对称加密类需要一个密钥和一个新的   IV   来加