RequestValidationSource 枚举

定义

指定要验证何种 HTTP 请求数据。Specifies what kind of HTTP request data to validate.

public enum class RequestValidationSource
public enum RequestValidationSource
type RequestValidationSource = 
Public Enum RequestValidationSource
继承
RequestValidationSource

字段

Cookies 2

请求 Cookie。The request cookies.

Files 3

上载的文件。The uploaded file.

Form 1

窗体值。The form values.

Headers 7

请求标头。The request headers.

Path 5

虚拟路径。The virtual path.

PathInfo 6

HTTP PathInfo 字符串(URL 路径的扩展)。An HTTP PathInfo string, which is an extension to a URL path.

QueryString 0

查询字符串。The query string.

RawUrl 4

原始 URL。The raw URL. (域后的 URL 部分。)(The part of a URL after the domain.)

示例

下面的示例演示如何创建自定义请求验证程序类, 该类只允许使用特定字符串作为查询字符串值。The following example shows how to create a custom request validator class that allows only a specific string for query-string values.

Imports System.Web  
Imports System.Web.Util  
  
Public Class CustomRequestValidation  
    Inherits RequestValidator  
  
Protected Overloads Overrides Function IsValidRequestString( _  
        ByVal context As HttpContext, _  
        ByVal value As String, _  
        ByVal requestValidationSource__1 As RequestValidationSource, _  
        ByVal collectionKey As String, _  
        ByRef validationFailureIndex As Integer) As Boolean  
    validationFailureIndex = -1  
    ' Set a default value for the out parameter.  
    ' This application does not use RawUrl directly, so you can   
    ' ignore the check for RequestValidationSource.RawUrl.  
    If requestValidationSource = RequestValidationSource.RawUrl Then  
        Return True  
    End If  
  
    ' Allow the query-string key "data" to have an XML-like value.  
    If (requestValidationSource = _  
            (RequestValidationSource.QueryString) AndAlso _  
            (collectionKey = "data") Then  
        ' The querystring value "<example>1234</example>" is allowed.  
        If value = "<example>1234</example>" Then  
            validationFailureIndex = -1  
            Return True  
        Else  
            ' Leave any further checks to ASP.NET.  
            Return MyBase.IsValidRequestString(context, value, _  
                requestValidationSource__1, collectionKey, _  
                validationFailureIndex)  
        End If  
    Else  
        ' All other HTTP input checks fall back to   
        ' the base ASP.NET implementation.  
        Return MyBase.IsValidRequestString(context, value, _  
            requestValidationSource__1, collectionKey, _  
            validationFailureIndex)  
    End If  
End Function  
End Class  
using System;  
using System.Web;  
using System.Web.Util;  
  
public class CustomRequestValidation : RequestValidator  
{  
    public CustomRequestValidation() {}  
  
    protected override bool IsValidRequestString(  
        HttpContext context, string value,   
        RequestValidationSource requestValidationSource, string collectionKey,   
        out int validationFailureIndex)  
    {  
        //Set a default value for the out parameter.  
        validationFailureIndex = -1;  
  
        // This application does not use RawUrl directly,   
        // so you can ignore the check for RequestValidationSource.RawUrl.  
        if (requestValidationSource == RequestValidationSource.RawUrl)  
            return true;  
  
        // Allow the query-string key "data" to have an XML-like value.  
        if (  
            (requestValidationSource == RequestValidationSource.QueryString) &&  
            (collectionKey == "data")  
           )  
        {  
            // The querystring value "<example>1234</example>" is allowed.  
            if (value == "<example>1234</example>")  
            {  
                validationFailureIndex = -1;  
                return true;  
            }  
            else  
           // Leave any further checks to ASP.NET.  
                return base.IsValidRequestString(context, value,   
                requestValidationSource, collectionKey, out   
                validationFailureIndex);  
        }  
        // All other HTTP input checks fall back to   
        // the base ASP.NET implementation.  
        else  
        {  
            return base.IsValidRequestString(context, value,   
                requestValidationSource, collectionKey,   
                out validationFailureIndex);  
        }  
    }  
}  

下面的示例演示如何将 ASP.NET 配置为使用自定义验证程序。The following example shows how to configure ASP.NET to use the custom validator.

<httpRuntime requestValidationType="CustomRequestValidation" />  

注解

可以通过实现RequestValidator类型来创建自定义请求验证类型。You can create a custom request validation type by implementing the RequestValidator type. 当 ASP.NET 调用IsValidRequestString方法来验证请求时, ASP.NET 会传递一个requestValidationSource参数来指定要验证的数据源。When ASP.NET calls the IsValidRequestString method to validate a request, ASP.NET passes a requestValidationSource parameter to specify the source of the data being validated. RequestValidationSource枚举用于指定正在验证的请求数据的源或类型。The RequestValidationSource enumeration is used to specify the source or kind of request data that is being validated. 枚举指示在value IsValidRequestString方法的参数中传递的 HTTP 输入的类型。The enumeration indicates the type of HTTP input that is passed in the value parameter of the IsValidRequestString method. 如果你不想使用自定义逻辑进行验证, 则可以使用枚举作为回退到 HTTP 输入的基本请求验证实现的方法。You can use the enumeration as a way to fall back to the base request validation implementation for HTTP inputs if you do not want to validate using custom logic.

下表显示了collectionKey如何为RequestValidationSource枚举的每个value成员解释RequestValidator.IsValidRequestString方法的和参数的值。The following table shows how the value of the collectionKey and value parameter of the RequestValidator.IsValidRequestString method are interpreted for each member of the RequestValidationSource enumeration.

枚举成员Enumeration member collectionKey 参数collectionKey parameter value 参数value parameter
Cookies 集合中的 cookie 的名称。The name of the cookie in the collection. 集合中的值。The value in the collection.
Files 集合中已上传的文件的名称。The name of the uploaded file in the collection. 集合中上载的文件的值。The value of the uploaded file in the collection.
Form 集合中的窗体参数的名称The name of the form parameter in the collection 集合中的窗体参数的值。The value of the form parameter in the collection.
Headers 集合中的 HTTP 标头的名称。The name of an HTTP header in the collection. 集合中的 HTTP 标头的值。The value of the HTTP header in the collection.
Path null(Path不是值的集合)。null (Path is not a collection of values). "路径" 字段的值。The value of the Path field.
PathInfo null(PathInfo不是值的集合)。null (PathInfo is not a collection of values). PathInfo 字段的值。The value of the PathInfo field.
QueryString 集合中的查询字符串参数的名称。The name of the query-string parameter in the collection. 集合中的查询字符串参数的值。The value of the query-string parameter in the collection.
RawUrl null(RawUrl不是值的集合。)null (RawUrl is not a collection of values.) RawUrl 字段的值。The value of the RawUrl field.

适用于

另请参阅