asp.net Web应用程序安全问题 [英] asp.net web application security issue

问题描述

我有4页asp.net Web应用程序
第一页是登录页面..用户登录的地方
然后重定向到1.aspx，

但是当用户单击浏览器上的后退"按钮时，应用程序将重定向到页面中的logg
之后，当用户单击浏览器上的前进按钮时，它将再次重定向到1.aspx，而没有
询问ID和密码.

以及用户是否知道该页面的链接，即:1.aspx
他还可以在不提供ID，密码的情况下访问此页面
通过jst在浏览器中键入页面的URL..

我该如何防止我的应用??

就像当用户登录旅馆并轻按他的会话时会过期
并且他必须再次输入ID和密码才能访问1.aspx

并且没有人可以通过简单地提供页面的URL来访问页面

需要帮忙！ (我是初学者)

i have 4 pages asp.net web application
first page is logg in page.. where the user logg in
and then redirected to 1.aspx,

but when user click the back button on browser, application redirectd to logg in page
and after this , when user click the forward button on browser it redirects again to 1.aspx without
asking ID , password.

and also if user knows the link of the page i:e 1.aspx
he can also access this page without giving ID, password
by jst typing the URL of page in browser..

how can i prevent my app, from this??

like when user logged inn and clik back his session get expire
and he has to give ID and password again to access 1.aspx

and nobody can access the page by simply giving the URL of page

need help! (i am beginner)

推荐答案

您可以禁用后退按钮选中此链接

You can disable back button check this link How to disable browser''s back button[^]

最简单的方法是在每个事件的加载事件上使用一个方法检查用户状态的页面.他们登录后，您可以设置一个变量以指示该用户有效.将此存储在会话中，然后按时检查.如果用户未通过测试，则重定向回登录页面.简而言之，这是一个非常简单的概述，但是应该为您提供正确的方向.有很多方法可以做到这一点，因此您只需要找到适合您需求的方法即可.尝试在此处和Google上搜索会更深入地解释这一问题的文章-如果您花点时间看一下，我相信这里有一些关于网络安全的非常不错的文章.

The simplest way is to have a method on the load event of each page which checks to see what the status of the user is. Once they''ve logged in, you could set a variable to indicate that the user is valid. Store this in the Session and then check it as and when. If the user doesn''t pass the test then redirect back to the login page. Plainly, that is a very simplistic overview but should set you in the right direction. There are a lot of ways to do this so you just need to find the method that is appropriate to your requirements. Try searching here and Google for articles that will explain this in more depth - I believe there a couple of really good articles here on web security if you take some time to look.

这篇关于asp.net Web应用程序安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！