我有一个ASP.NET MVC 4应用程序,它在内部使用了很长的链接
Server.TransferRequest(url, true);
网址长度约为180,000个字符。用户的地址栏永远不会看到它,但稍后会在内部使用。
但是,这个长网址会导致ArgumentException
,特别是:
Value does not fall within the expected range.
ThrowExceptionForHRInternal
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Runtime.InteropServices.Marshal
Void ThrowExceptionForHRInternal(Int32, IntPtr)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode)
at System.Web.Util.Misc.ThrowIfFailedHr(Int32 hresult)
at System.Web.Hosting.IIS7WorkerRequest.ScheduleExecuteUrl(String url, String queryString, String method, Boolean preserveForm, Byte[] entity, NameValueCollection headers, Boolean preserveUser)
at System.Web.HttpServerUtility.TransferRequest(String path, Boolean preserveForm, String method, NameValueCollection headers, Boolean preserveUser)
at System.Web.HttpServerUtilityWrapper.TransferRequest(String path, Boolean preserveForm)
在MSDN上似乎没有关于抛出此异常的文档,也无法找到增加长度的方法。我试图在Web.Config中修改这两个选项无济于事:
<requestLimits maxUrl="2097151" maxQueryString="2097151" />
<httpRuntime maxUrlLength="2097151" maxQueryStringLength="2097151" enableVersionHeader="false" />
这适用于内部Web应用程序,因此URL长度向量的攻击不是一个大问题。
有谁知道如何避免这个问题?
更新
我修改了代码以删除长查询字符串部分并将其放入标题中,并使用如下调用:
Server.TransferRequest(url, true, this.Request.HttpMethod, this.Request.Headers);
标题现在包含非常长的查询字符串。例外改为:
Overflow or underflow in the arithmetic operation.
(System.ArithmeticException)
ThrowExceptionForHRInternal
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Runtime.InteropServices.Marshal
Void ThrowExceptionForHRInternal(Int32, IntPtr)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode)
at System.Web.Util.Misc.ThrowIfFailedHr(Int32 hresult)
at System.Web.Hosting.IIS7WorkerRequest.ScheduleExecuteUrl(String url, String queryString, String method, Boolean preserveForm, Byte[] entity, NameValueCollection headers, Boolean preserveUser)
at System.Web.HttpServerUtility.TransferRequest(String path, Boolean preserveForm, String method, NameValueCollection headers, Boolean preserveUser)
at System.Web.HttpServerUtilityWrapper.TransferRequest(String path, Boolean preserveForm, String method, NameValueCollection headers)