如何阻止用户从URL更改id [英] How do I prevent users from changing id from url

问题描述

嗨大家好



我将id传递给我的ActionResult，然后我注意到我可以从浏览器更改id并移动到另一条记录并修改该记录没有登录并访问它。有没有办法可以避免这种情况？也许当我改变那个ID时，它会重定向到登录页面吗？



我尝试了什么：



试图做一些小的谷歌搜索，但没有赢，然后我想可能传递一个假的或临时的Id并使用它而不是找到该记录但不确定是否会有所帮助。

解决方案

你不能阻止人们修改网址，因为你要么需要身份验证，要么使用你无法猜到的ID，比如GUID而不是序列号，但实现了登录是最安全的方式。



你不应该做的事情和放大器;花时间做| ASP.NET论坛 [ ^ ]

Hi Guys

I am passing id to my ActionResult, I then notice that I can change the id from the browser and move to another record and modify that record with out logging in and access it. Is there a way I can avoid that? maybe when I change that id it redirects to the login page rather?

What I have tried:

Tried to do some lil googling but with no win, then I was thinking of maybe passing a fake or temporary Id and use it rather to find that record but not sure if that will help.

解决方案

You can't stop people amending the url, as said you either need authentication or use ids that you can't guess, like GUIDs rather than sequential numbers, but implementing a log-in is the most secure way.

Things you shouldn't spend time doing | The ASP.NET Forums[^]

这篇关于如何阻止用户从URL更改id的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！