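Problem and symptoms:
After a user subscribes to or unsubscribes from a service on a mobile phone, the subscription record should be inserted into the corresponding table we created. After several rounds of testing this still did not happen, and the IIS log contained a large number of entries like the following: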
2006-12-27 08:37:46 211.94.69.240 - 172.18.2.43 80 POST /Uni/api/SubscriptNotify.aspx - 500 RPT-HTTPClient/0.3-3
2006-12-27 08:38:47 211.94.69.240 - 172.18.2.43 80 POST /Uni/api/SubscriptNotify.aspx - 500 RPT-HTTPClient/0.3-3
2006-12-27 08:39:48 211.94.69.240 - 172.18.2.43 80 POST /Uni/api/SubscriptNotify.aspx - 500 RPT-HTTPClient/0.3-3
2006-12-27 08:40:48 211.94.69.240 - 172.18.2.43 80 POST /Uni/api/SubscriptNotify.aspx - 500 RPT-HTTPClient/0.3-3
2006-12-27 08:41:48 211.94.69.240 - 172.18.2.43 80 POST /Uni/api/SubscriptNotify.aspx - 500 RPT-HTTPClient/0.3-3
2006-12-27 08:42:48 211.94.69.240 - 172.18.2.43 80 POST /Uni/api/SubscriptNotify.aspx - 200 RPT-HTTPClient/0.3-3
............
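Analysis:
The log shows that the POST requests really do come from the Beijing Unicom gateway's IP, so the gateway has sent the subscribe/unsubscribe packets to our interface, but the interface program returns a 500 error, and the error keeps recurring. After analysing it and asking experienced friends, the view was that the error keeps recurring because the failing interface program never returns a correct response to Unicom, so the key to the problem is still how to fix the error in the interface program.
The program is developed in C# with VS .NET on the 1.1 framework, and simulated tests found no problem, so I ran a packet capture tool on the server to see what error the program returned after receiving Unicom's POST data. Because Unicom sometimes takes a long time to synchronise the subscription after a service is ordered (roughly 5 to 40 minutes: my rough estimate :S), this takes some patient waiting. Once captured, the failing request and response looked like this: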
POST /Uni/api/SubscriptNotify.aspx HTTP/1.1
Host: api.3gpop.cn
Connection: Keep-Alive, TE
TE: trailers, deflate, gzip, compress
User-Agent: RPT-HTTPClient/0.3-3
Accept-Encoding: deflate, gzip, x-gzip, compress, x-compress
Content-type: application/x-www-form-urlencoded
Content-length: 648
HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Wed, 27 Dec 2006 08:38:47 GMT
X-Powered-By: ASP.NET
<webmethod id="service_order_to_cp"><cpcode value="91374"/><userid value="40C2DD6A7AB9813440D36393B3708055D262059E23FC006617DF31205E30EA66B355CBA5F58A4AC3DC111A3EB6CED582F34B4D5283963BD6F842E3FA64F55F1F3A951847E7730D953CB68BA95B9DCBEC7B70C62802DEBEB13CA289C60E1C9265AE976CF5F909DE6A06EB2715152B0F0248284D5F9DE623AFF4A0CA00954DF6DF"/><encryptflag value="Y"/><serviceid value="5029137403"/><ispack value="N"/><sub_type value="PER_HIT"/><orderdate value="2006-12-27 15:59:53"/><operatingtime value="2006-12-27 15:59:53"/><feeflag value="Y"/><platid value="904"/><fromflag value="01"/><stateflag value="1"/><planid value="600000000006622"/></webmethod>
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Wed, 27 Dec 2006 08:38:47 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=gb2312
Content-Length: 5260
<html>
<head>
<title>A potentially dangerous Request.Form value was detected from the client (<webmethod id="...er_to_cp"><cpcode value="91374...").</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: .9em}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>
<body bgcolor="white">
<span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>
<h2> <i>A potentially dangerous Request.Form value was detected from the client (<webmethod id="...er_to_cp"><cpcode value="91374...").</i> </h2></span>
<font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">
<b> Description: </b>Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
<br><br>
<b> Exception Details: </b>System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (<webmethod id="...er_to_cp"><cpcode value="91374...").<br><br>
<b>Source Error:</b> <br><br>
<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code>
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</code>
</td>
</tr>
</table>
<br>
<b>Stack Trace:</b> <br><br>
<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (<webmethod id="...er_to_cp"><cpcode value="91374...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +240
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +122
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +128
System.Web.UI.Page.ProcessRequestMain() +2174
System.Web.UI.Page.ProcessRequest() +217
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87
</pre></code>
</td>
</tr>
</table>
<br>
<hr width=100% size=1 color=silver>
<b>Version Information:</b> Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032
</font>
</body>
</html>
<!--
[HttpRequestValidationException]: A potentially dangerous Request.Form value was detected from the client (<webmethod id="...er_to_cp"><cpcode value="91374...").
at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
at System.Web.HttpRequest.get_Form()
at System.Web.UI.Page.GetCollectionBasedOnMethod()
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain()
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
--><!--
This error page might contain sensitive information because ASP.NET is configured to show verbose error messages using <customErrors mode="Off"/>. Consider using <customErrors mode="On"/> or <customErrors mode="RemoteOnly"/> in production environments.-->
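The captured error response shows that the 500 error occurs because the XML data in the POST request contains markup such as <webmethod, which is treated as a potentially dangerous value. This validity check on request data is enabled by default in ASP.NET, and the message itself suggests that the check can be turned off by setting validateRequest=false in the Page directive. So I fixed the problem that way.
Solution:
Add the line <%@ Page ValidateRequest="false" %> at the very top of the interface page SubscriptNotify.aspx, then test again; the problem is solved.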
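With request validation switched off, the page has to check the gateway's input itself, as the ASP.NET error message above recommends. The following is an added example, not the original author's code: a strict parser for the <webmethod> body that rejects DTDs and any element or value outside an allow-list. The class name SubscriptionNotice, the field patterns (inferred from the sample packets on this page) and a .NET 4.0 or later runtime (not the 1.1 framework used above) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.RegularExpressions;
using System.Xml;

// Added example (hypothetical class): explicit input check for the notify page.
public static class SubscriptionNotice
{
    const string Date = @"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\z";
    // Allow-list of element names and value patterns, inferred from the sample packets (assumption).
    static readonly Dictionary<string, string> Rules = new Dictionary<string, string>
    {
        { "cpcode", @"^\d{1,10}\z" },     { "userid", @"^[0-9A-F]{1,512}\z" },
        { "encryptflag", @"^[YN]\z" },    { "serviceid", @"^\d{1,20}\z" },
        { "ispack", @"^[YN]\z" },         { "sub_type", @"^[A-Z_]{1,20}\z" },
        { "orderdate", Date },            { "disorderdate", Date },
        { "operatingtime", Date },        { "feeflag", @"^[YN]\z" },
        { "platid", @"^\d{1,10}\z" },     { "fromflag", @"^\d{2}\z" },
        { "stateflag", @"^\d\z" },        { "planid", @"^\d{1,20}\z" }
    };

    // Returns the validated fields plus "id"; throws FormatException on anything unexpected.
    public static Dictionary<string, string> Parse(string body)
    {
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var doc = new XmlDocument { XmlResolver = null };
        try { using (var r = XmlReader.Create(new StringReader(body), settings)) doc.Load(r); }
        catch (XmlException e) { throw new FormatException("malformed XML or DTD present", e); }
        XmlElement root = doc.DocumentElement;
        string id = root.GetAttribute("id");
        if (root.Name != "webmethod" || (id != "service_order_to_cp" && id != "service_disorder_to_cp"))
            throw new FormatException("unexpected root element or id");
        var fields = new Dictionary<string, string> { { "id", id } };
        foreach (XmlNode node in root.ChildNodes)
        {
            var el = node as XmlElement;   // comments, text and other node types are rejected
            string pattern;
            if (el == null || !Rules.TryGetValue(el.Name, out pattern) || fields.ContainsKey(el.Name))
                throw new FormatException("unexpected or repeated element");
            string value = el.GetAttribute("value");   // "" when the attribute is missing
            if (!Regex.IsMatch(value, pattern)) throw new FormatException("bad value for " + el.Name);
            fields[el.Name] = value;
        }
        if (!fields.ContainsKey("cpcode") || !fields.ContainsKey("userid") || !fields.ContainsKey("serviceid"))
            throw new FormatException("required field missing");
        return fields;
    }
}
```

In SubscriptNotify.aspx the body would be read from Request.InputStream and passed to Parse; a FormatException means the data must not be written to the subscription table.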
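Summary:
The problem lay in ASP.NET's ValidateRequest attribute. For an explanation of the attribute, see the following page: ValidateRequest attribute.
Below are examples of the current Unicom subscribe and unsubscribe packets, for reference:
--Subscribe--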
request:
<webmethod id="service_order_to_cp"><cpcode value="91374"/><userid value="40C2DD6A7AB9813440D36393B3708055D262059E23FC006617DF31205E30EA66B355CBA5F58A4AC3DC111A3EB6CED582F34B4D5283963BD6F842E3FA64F55F1F3A951847E7730D953CB68BA95B9DCBEC7B70C62802DEBEB13CA289C60E1C9265AE976CF5F909DE6A06EB2715152B0F0248284D5F9DE623AFF4A0CA00954DF6DF"/><encryptflag value="Y"/><serviceid value="5029137403"/><ispack value="N"/><sub_type value="PER_HIT"/><orderdate value="2006-12-27 17:13:55"/><operatingtime value="2006-12-27 17:13:55"/><feeflag value="Y"/><platid value="904"/><fromflag value="01"/><stateflag value="1"/><planid value="600000000006622"/></webmethod>
response:
<webmethod id="service_order_to_cp"><result status="0" /></webmethod>
--Unsubscribe--
request:
<webmethod id="service_disorder_to_cp"><cpcode value="91374"/><userid value="40C2DD6A7AB9813440D36393B3708055D262059E23FC006617DF31205E30EA66B355CBA5F58A4AC3DC111A3EB6CED582F34B4D5283963BD6F842E3FA64F55F1F3A951847E7730D953CB68BA95B9DCBEC7B70C62802DEBEB13CA289C60E1C9265AE976CF5F909DE6A06EB2715152B0F0248284D5F9DE623AFF4A0CA00954DF6DF"/><encryptflag value="Y"/><serviceid value="5029137403"/><ispack value="N"/><sub_type value="PER_HIT"/><disorderdate value="2006-12-27 17:14:50"/><operatingtime value="2006-12-27 17:14:51"/><feeflag value="Y"/><platid value="904"/><fromflag value="11"/><stateflag value="1"/><planid value="600000000006622"/></webmethod>
response:
<webmethod id="service_disorder_to_cp"><result status="0" /></webmethod>