Summary of the ASP.NET Runtime Mechanism
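Over the past few days I have read a number of articles about ASP.NET internals and learned a great deal from them.
Why bother understanding the internals? As programmers who enjoy building ASP.NET applications, we should know not only "how to do it" but, more importantly, "why it is done this way". Only then can we do the job better, and only then can we put the right code in the right place.
ASP.NET is like a fully automatic car wash: a car drives in, passes through one washing stage after another, and a shiny car comes out at the end.
IIS maintains a mapping table (Figure 1) that specifies which program handles which kind of request. For example, a request for a resource with the .asp extension is handled by "asp.dll"; this DLL file is called an ISAPI extension.
(Figure 1)
When a request leaves the browser and reaches the server, IIS receives it. Based on the extension of the requested resource, IIS hands the request to the corresponding ISAPI extension for processing. What about requests with the .aspx extension? They are likewise handled by the corresponding ISAPI extension, namely aspnet_isapi.dll, but that is only the first stop: aspnet_isapi then hands the request on to ASP.NET for processing, as shown in Figure 2.
(Figure 2)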
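An added example, not code from the original article: a small Python model of how the mapping table described above selects the ISAPI extension for a request. The "extension,executable,flags,verbs" entry layout follows the IIS 5/6 ScriptMaps setting; the sample entries, their paths and the function names are constructed for the illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample entries in the "extension,executable,flags[,verbs]" layout
# of the IIS 5/6 ScriptMaps setting; the paths are illustrative.
SAMPLE_SCRIPT_MAPS = [
    r".asp,C:\WINNT\system32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".aspx,C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG",
]


def parse_script_maps(entries):
    """Build {extension: (isapi_path, verbs)}; an empty verb set means all verbs."""
    table = {}
    for entry in entries:
        parts = [p.strip() for p in entry.split(",")]
        if len(parts) < 3 or not parts[0].startswith("."):
            raise ValueError(f"malformed script map entry: {entry!r}")
        ext, path, _flags, *verbs = parts
        table[ext.lower()] = (path, frozenset(v.upper() for v in verbs if v))
    return table


def resolve(table, method, url):
    """Return (decision, isapi_path) for one request."""
    # Only the path is consulted; the query string never affects the mapping.
    for segment in urlsplit(url).path.split("/"):
        ext = posixpath.splitext(segment)[1].lower()  # compared case-insensitively
        if ext not in table:
            continue
        isapi, verbs = table[ext]  # anything after this segment is path info
        if verbs and method.upper() not in verbs:
            return ("verb-denied", isapi)  # mapped, but this verb is not listed
        return ("isapi", isapi)
    return ("static", None)  # no mapping: IIS serves the resource itself


def is_aspnet(isapi_path):
    """True when the request goes on from the ISAPI hop to the ASP.NET runtime."""
    return bool(isapi_path) and isapi_path.lower().endswith("aspnet_isapi.dll")
```

Running a site's real mapping entries through a model like this shows which URLs reach managed ASP.NET code and which are answered by IIS alone.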
IIS runs in a process named InetInfo.exe. When IIS receives a request with the .aspx extension, it loads the ASP.NET ISAPI extension, "aspnet_isapi.dll". ASP.NET ISAPI starts a worker process named "aspnet_wp.exe"; on startup, "aspnet_wp.exe" loads the CLR and creates an AppDomain, and while the AppDomain is being created a class named ISAPIRuntime is instantiated. ISAPIRuntime is the bridge over which ASP.NET and ASP.NET ISAPI communicate. IIS and ASP.NET ISAPI are both unmanaged programs, whereas the ASP.NET HttpRuntime is a managed program; ASP.NET ISAPI communicates with the ASP.NET HttpRuntime through COM, over named pipes. ISAPIRuntime is a special class: it implements the IISAPIRuntime interface, which is COM-based, so unmanaged programs can access it through COM.
Code
    [ComImport, Guid("08a2c56f-7c16-41c1-a8be-432917a1a2d1"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    public interface IISAPIRuntime
    {
        void StartProcessing();
        void StopProcessing();
        [return: MarshalAs(UnmanagedType.I4)]
        int ProcessRequest(
Related documents:
Chapter 1: Introduction to ASP.NET Ajax
1.1 What is Ajax
I. What is Ajax
Ajax is short for Asynchronous JavaScript and XML. The term was first proposed by the well-known user-experience expert Jesse-James Garrett in an article titled "Ajax: a New Approach to Web Applications", published on February 18, 2005.
Ajax does not consist only of JavaScri ......
Trustwave's SpiderLabs Security Advisory TWSL2010-001:
Multiplatform View State Tampering Vulnerabilities
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frame ......
using System;
using System.ComponentModel;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace ZZZ.WebControls
{
    [DefaultProperty("Text"), ToolboxData("<{0}:PageNavigate runat=\"server\" />")]
    public class PageNavigate : WebControl, IPostBackEventHandler
    {
......
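When a web service is written with ASP.NET, session state is not supported by default, but it can be enabled explicitly by setting the EnableSession option of WebMethod to true. See the following example:
1 Create a new website, WebSite
2 Create a new web service, WebService.asmx, with the following two methods: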
C#-Code:
[WebMethod(EnableSession = true)]
public string Login( ......
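ASP.NET has three authentication modes, "Windows | Forms | Passport". Of these, Forms authentication is the most widely used and the most flexible.
Forms authentication provides good support for user-based authentication and authorization. A login page verifies the user's identity and sends that identity back to the client in a cookie; when the user later accesses the web application again, this identity cookie is sent along with the request to the server ......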