如何限制用户手动键入URL? [英] How do I restrict a user to type URL manually ?
问题描述
当用户登录应用程序并且他有访问权限2页时,请说Home.aspx和About.aspx。
登录后,他登陆Home。 ASPX。现在,如果他手动输入/Pages/About.aspx的网址,我想终止他的会话或将他重定向到登录页面,即使他拥有About.aspx的访问权限。
不允许手动输入网址。
i使用了表格认证:
< authentication mode = Forms >
< forms loginUrl = 〜/ Pages / Login.aspx protection = 所有 timeout = 2880 />
< / 身份验证 >
< authorization>
< allow users = ? > < / allow >
< / 授权 >
也尝试了这个但需要一些更好的解决方案
string referer = Request.ServerVariables [ HTTP_REFERER];
if ( string .IsNullOrEmpty(referer))
{
会话[ UserId] = null ;
Response.Redirect( / Pages / Login.aspx);
}
我的尝试:
我使用了表单身份验证和HTTP_REFERRER。
如果可能,我需要从IIS完成一些事情。
使用表单身份验证,您还可以使用web.config中的位置标记来定义哪些角色可以访问它们。请参见 https://support.microsoft.com/en-us/kb/316871 [ ^ ]
另一个选项,我更喜欢这个选项,就是拥有一个所有页面都继承自的基类。在该基类中,您可以编写代码以查看用户是否具有页面权限以及是否具有适当处理权限。
或者,在每个page_load中你可以查看权限。
你可以检查
Request.UrlReferrer
如果它是空的,很可能他们直接导航到该页面,如果他们来自另一个页面上的链接,该页面将在那里,你可以检查它是一个有效的从页面。
非常糟糕的主意在我看来,我只是让他们以任何他们想要的方式访问页面。
没办法。整个想法都是错误的。
如果您对浏览器的功能有所了解,您甚至不会问这个问题。很明显,根据定义,任何用户都可以随时输入任何URL。
但我会邀请你思考如果出现这样的限制会发生什么有可能。用户会怎么想?这样的人会再次访问您的网站吗?
怎么办?您可以根据用户的状态,以任何方式呈现任何页面或重定向页面。
-SA
When a user logs in the application and he has access rights 2 pages say , Home.aspx and About.aspx.
After login he lands on Home.aspx. Now if he types the url of /Pages/About.aspx manually i want to terminate his session or redirect him to login page even if he had a access rights to About.aspx.
Manual entry of URL should not be allowed whatsoever.
i have used forms authentication:
<authentication mode="Forms">
<forms loginUrl="~/Pages/Login.aspx" protection="All" timeout="2880"/>
</authentication>
<authorization>
<allow users="?"></allow>
</authorization>
Also tried this but need some more better solution
string referer = Request.ServerVariables["HTTP_REFERER"];
if (string.IsNullOrEmpty(referer))
{
Session["UserId"] = null;
Response.Redirect("/Pages/Login.aspx");
}
What I have tried:
I have used forms authentication and HTTP_REFERRER.
I need something to be done from IIS if possible.
Using forms authentication you can also use location tags in web.config to define what roles have access there. See https://support.microsoft.com/en-us/kb/316871[^]
Another option, and I prefer this one, is to have a base class that all of your pages inherit from. In that base class you can write code to see if user has permissions to page and if not to handle appropriately.
Or, in each page_load you can check the permissions.
You could check
Request.UrlReferrer
If it's empty it's likely they navigated straight to the page, if they came from a link on another page that page will be in there and you can check that it's a valid "from" page.
Pretty bad idea in my opinion though, I'd just let them access the page any way they want.
No way. The whole idea is wrong.
If you thought a little bit on what a browser does, you would not even ask this question. It's quite obvious that any user is allowed to enter any URL at any time, by definition.
But I would invite you to think what could happened if such kind of restriction was possible. What a user would think? Would such person ever visit your site again?
What to do? You have all the possibilities to present any page the way or redirect the page, depending on the user's status.
—SA
这篇关于如何限制用户手动键入URL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
