FxCop 告诉我使用 .Net Uri 类是错误的吗?
当获取 Amazon S3 存储桶中某个内容的 URL 时,它可以在末尾附加一个签名,以确认用户有权查看该对象,并且 URL 如下所示:
https://mybucket.amazonaws.com/mykey?AWSAccessKeyId=myaccesskey& 过期=1235241261&签名=t5vFBWXaN0DvVaWfck9n2%2fmTzOU%3d
这些 URL 作为字符串对象从我的 S3 库返回,我就这样传递它们。 最近,我通过 FxCop 运行了我的代码,它建议我使用 Uri
类来传递 URL。 我采纳了 FxCops 的建议,并将 URL string
属性更改为 Uri
属性。 一切似乎都工作正常,直到很久以后我注意到并非所有对象都被成功取回。
问题的原因是 Uri
类 ToString()
函数将返回略有不同的 URL 版本:
https://mybucket.amazonaws.com/mykey?AWSAccessKeyId=myaccesskey& 过期=1235241261&签名=t5vFBWXaN0DvVaWfck9n2/mTzOU=
我的解决方案是使用 Uri
类的 OriginalString
属性。 但感觉有些不对劲,我有两个问题,
- 我是否应该采纳 FxCops 的建议并使用
Uri
类? - 亚马逊是否应该意识到 URL 可能会经过很多人之手,而不是依赖于它们以完全相同的方式返回?
对于使用 .Net Uri 类,我可以确定我的 URL 始终有效,但它似乎可能会出现更微妙的错误。
When getting a URL for something in an Amazon S3 bucket it can append a signature to the end to confirm that the user has permission to view the object and the URL looks like so:
https://mybucket.amazonaws.com/mykey?AWSAccessKeyId=myaccesskey&
Expires=1235241261&Signature=t5vFBWXaN0DvVaWfck9n2%2fmTzOU%3d
These URLs were coming back from my S3 library as string objects and I passed them around like that. Recently I ran my code through FxCop and it recommended that I use the Uri
class to pass around URLs. I took FxCops advice and changed my URL string
properties to Uri
properties. Everything seemed to be working fine until much later I noticed that not all the objects were being fetched back successfully.
The reason for the problem was that the Uri
class ToString()
function would return a slightly different version of the URL:
https://mybucket.amazonaws.com/mykey?AWSAccessKeyId=myaccesskey&
Expires=1235241261&Signature=t5vFBWXaN0DvVaWfck9n2/mTzOU=
My solution was to use the OriginalString
property of the Uri
class. But something feels wrong about this and I have two questions,
- Should I have taken FxCops advice and used the
Uri
class? - Should Amazon realize that URLs may pass through many hands and not depend on them coming back exactly the same?
For using the .Net Uri class I can be sure that my URLs are always valid but it seems to make more subtle mistakes possible.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
FxCop 建议使用 Uri 类而不是原始字符串并没有错。 使用 Uri 类提供类型安全和几种有用的解析方法。
System.Uri 会自动对查询字符串进行一些编码和解码。 听起来您没有预料到这种行为,并且它导致了一些问题。 我建议根据 HTTP 标准检查 URI 中应转义哪些字符。
这是一篇维基百科文章,更详细地描述了 百分比编码 或 URL 编码。
您的具体问题是
%2f
是 URL 中正斜杠/
字符的转义序列。 System.Uri 类为您解码了该序列。当然,System.Uri 并不完美。 Rick Strahl 最近在他的博客上讨论了Uri 字符串编码的不同选项。
It's not wrong of FxCop to suggest using the Uri class instead of a raw string. Using the Uri class provides type safety and several useful parsing methods.
System.Uri does do some encoding and decoding of the query string automatically. It sounds like you weren't expecting that behavior, and it caused some problems. I'd recommend checking out what characters should be escaped in URIs according to the HTTP standard.
Here's a wikipedia article that describes percent-encoding or URL-encoding in more detail.
Your specific issue is that
%2f
is an escape sequence in a URL for the forward slash/
character. The System.Uri class decoded that sequence for you.System.Uri isn't perfect, of course. Rick Strahl recently talked about different options for Uri string encoding on his blog.
我同意 dthrasher 的观点。 FxCop 并没有错。 但 FxCop 没有告诉您使用 System.Uri 时可能会遇到的痛苦,尤其是使用 ASP.NET。 我刚刚写了一篇文章,它将帮助您更好地准备使用此类,这可能有点令人困惑:
http://web.archive。 org/web/20091015051451/http://www.pluralsight.com/community/blogs/keith/archive/2009/10/10/did-fxcop-tell-you-to-use-system-uri.aspx
I agree with dthrasher. FxCop wasn't wrong. But what FxCop doesn't tell you is the pain you may experience you use System.Uri, especially with ASP.NET. I just wrote up an article that will help you get better prepared to use this class, which can be somewhat confusing:
http://web.archive.org/web/20091015051451/http://www.pluralsight.com/community/blogs/keith/archive/2009/10/10/did-fxcop-tell-you-to-use-system-uri.aspx