使用HTTPWebrequest (multipart/form-data)发布一个文件会给出一个错误(一个潜在的危险请
本文关键字:一个 错误 危险 multipart HTTPWebrequest form-data 使用 文件 布一个 | 更新日期: 2023-09-27 18:02:25
我想发送一个文件使用http post到mvc web应用程序。该文件包含html标记。下面是我试过的代码。
public void PostMultipleFiles(string url, string[] files)
{
string boundary = "----------------------------" + DateTime.Now.Ticks.ToString("x");
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(url);
httpWebRequest.ContentType = "multipart/form-data; boundary=" + boundary;
httpWebRequest.Method = "POST";
httpWebRequest.KeepAlive = true;
httpWebRequest.Credentials = System.Net.CredentialCache.DefaultCredentials;
Stream memStream = new System.IO.MemoryStream();
byte[] boundarybytes =System.Text.Encoding.ASCII.GetBytes("'r'n--" + boundary +"'r'n");
string formdataTemplate = "'r'n--" + boundary + "'r'nContent-Disposition: form-data; name='"{0}'";'r'n'r'n{1}";
string headerTemplate = "Content-Disposition: form-data; name='"{0}'"; filename='"{1}'"'r'n Content-Type: application/octet-stream'r'n'r'n";
memStream.Write(boundarybytes, 0, boundarybytes.Length);
for (int i = 0; i < files.Length; i++)
{
string header = string.Format(headerTemplate, "file" + i, files[i]);
//string header = string.Format(headerTemplate, "uplTheFile", files[i]);
byte[] headerbytes = System.Text.Encoding.UTF8.GetBytes(header);
memStream.Write(headerbytes, 0, headerbytes.Length);
FileStream fileStream = new FileStream(files[i], FileMode.Open,
FileAccess.Read);
byte[] buffer = new byte[1024];
int bytesRead = 0;
while ((bytesRead = fileStream.Read(buffer, 0, buffer.Length)) != 0)
{
memStream.Write(buffer, 0, bytesRead);
}
memStream.Write(boundarybytes, 0, boundarybytes.Length);
fileStream.Close();
}
httpWebRequest.ContentLength = memStream.Length;
Stream requestStream = httpWebRequest.GetRequestStream();
memStream.Position = 0;
byte[] tempBuffer = new byte[memStream.Length];
memStream.Read(tempBuffer, 0, tempBuffer.Length);
memStream.Close();
requestStream.Write(tempBuffer, 0, tempBuffer.Length);
requestStream.Close();
try
{
WebResponse webResponse = httpWebRequest.GetResponse();
Stream stream = webResponse.GetResponseStream();
StreamReader reader = new StreamReader(stream);
string var = reader.ReadToEnd();
}
catch (Exception ex)
{
response.InnerHtml = ex.Message;
}
httpWebRequest = null;
}
但是当请求接收到mvc应用程序时,发生了异常。异常-"一个潜在危险的请求。从客户端检测到表单值"。这个异常的原因是什么,我如何发布这个文件?
你可以用AllowHtml属性来修饰这个动作:
[AllowHtml]
public void PostMultipleFiles(string url, string[] files)
注意,这可能是一个潜在的安全风险!