我如何强制用户不要跳过通过URL输入页面中一个asp.net MVC 2应用程序? [英] How do I force users to not skip pages via url input in an asp.net mvc 2 application?
问题描述
我使用ASP.NET MVC 2及VS 2008专业版。
I'm using ASP.NET MVC 2 & VS 2008 Pro.
我建立一个网站,用户必须从网页A到网页B到C.页。换句话说,顺序是非常重要的。我想防范网页A上简单地输入的页面C. URL的用户,如果用户试图做这样的,我想他们重定向回他们在他们进入之前的URL页面的东西。
I am building a web site where users must go from page A to page B to page C. In other words, the order is very important. I want to guard against a user on page A simply entering a url for page C. If the user attempted to do such a thing I'd like to redirect them back to the page they were on before they entered the url.
好像我会做这个动作过滤器,但我真的不知道我需要什么样的。我需要访问URL的用户是在和他们要的URL,就必须验证它们。
It seems like I would make an action filter for this, but I'm honestly not sure what kind I would need. I would need access to the url the user was on and the url they are going to, and would have to validate them.
思考?
修改1
这是丑陋的,但它看起来像我可以得到充分的URI,引荐和放大器;该OnActionExecuting方法的内部目标网址。我敢打赌,这可以从任何一种行为过滤器来完成。我目前正在测试这个自定义操作过滤器最初的设计来检查会话状态到期OnActionExecuting事件里面的所有。
This is ugly, but it looks like I can get the full Uri's for the referring & destination urls inside of the OnActionExecuting method. I'd wager that this could be done from any kind of action filter. I'm currently testing all of this inside of the OnActionExecuting event of a custom action filter initially designed to check session state for expiration.
LogUtil.Write("OnActionExecuting", String.Format("Referring Url: {0} \n Destination Url: {1} ",
filterContext.RequestContext.HttpContext.Request.UrlReferrer.AbsoluteUri.ToString(),
filterContext.RequestContext.HttpContext.Request.Url.AbsoluteUri.ToString() ));
LogUtil仅仅是一个自定义类,我写了写出到日志文件。
LogUtil is just a custom class I wrote that writes out to a log file.
到目前为止,这是不是pretty,但它的作品。任何人有一个更好的解决方案?
So far it isn't pretty, but it works. Anyone have a more elegant solution?
编辑2
这使得比较URL另取一个容易一点如下。我还没有尝试过这种使用途径,实际上包含的参数。在这种情况下,这可能会被揭去。
Another take that makes comparing the url's a bit easier is below. I haven't tried this using routes that actually contain parameters. In that situation, this might get thrown off.
String[] referrerSegments = filterContext.RequestContext.HttpContext.Request.UrlReferrer.Segments;
String[] destinationSegments = filterContext.RequestContext.HttpContext.Request.Url.Segments;
执行动作查找逻辑,以确保destinationSegments [destinationSegments.length-1]来后referrerSegments [referrerSegments-1]。这可能会与含有才能在应用程序中所有动作的名称静态字符串列表完成。这些索引值不应该超过1分开(即目标行动应具有加或指动作指数的值的指数减1)。
Perform action lookup logic to ensure destinationSegments[destinationSegments.length-1] comes after referrerSegments[referrerSegments-1]. This will likely be done with a static string List that contains the names of all the actions in the application in order. The index values of these shouldn't be more than 1 apart (i.e. destination action should have an index of plus or minus 1 of the value of referring action index).
思考?
编辑3
叹息。显然,当用户在页面上并手动在URL到地址栏类型的引荐信息丢失。这似乎很奇怪我的,但它意味着我只能获得url当前页面的人是
Sigh. Apparently the referrer information is lost when a user is on a page and manually types in the url into the address bar. This seems odd to me, but it means I can only get the url for the current page the person is on.
任何人有任何建议,这里除了会话?我真的,真的想尽量避免存放像这样的会议。
Anyone have any suggestions here aside from session? I really, really want to avoid storing something like this in session if possible.
推荐答案
这是动作过滤器正是你所需要的,与它们被调皮的重定向。保持它们在时间荣幸时尚进步的轨道,使用会话状态。
An Action filter is exactly what you need, with a redirect when they are being naughty. Keep track of their progress in the time honoured fashion, using the Session State.
这使你的应用程序相对无状态(相对于经典的ASP.NET)的主要部分,并保持这种逻辑的行为过滤器。
This keeps the main part of your application relatively stateless (compared to classic ASP.NET) and keeps this logic in the action filter.
另一个要考虑的:如果你的输入可能是一个长期存在的过程中,你可以在用户的进度保存到数据库或到Windows Workflow对象。只是一个想法。这将使他们能够启动一台机器上的过程,并把它捡起来在其他地方。这可能并不适用于您的方案,但它是值得考虑的一些情况。
Another consideration: If your input is potentially a long-lived process you could save the user's progress to a database or into a Windows Workflow object. Just a thought. This would enable them to start the process on one machine and pick it up elsewhere. This might not apply to your scenario, but it is worth considering in some situations.
这篇关于我如何强制用户不要跳过通过URL输入页面中一个asp.net MVC 2应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
