拒绝采取行动法直接URL访问 [英] Deny direct URL access to action method

问题描述

我试图找到一种方式来拒绝我的行动方法的任何直接访问。基本上我想要什么我的用户在点击链接，而不是浏览直接输入网址进入在其浏览器的地址栏。

I'm trying to find a way to deny any direct access to my action methods. Basically what I want my users to click on links to navigate instead of typing the URL directly into the address bar in their browsers.

现在我知道这可以通过检查请求对象的urlreferrer进行，但是这是一种不可靠的，弱，因为urlreferrer可以很容易地修改，一些安全套件实际上从请求删除它。

Now I know this can be done by checking the urlreferrer in the request object but this is kind of unreliable and weak because the urlreferrer can easily be modified and some of the security suites actually remove it from the request.

因此​​，没有任何的你知道的一种方式在asp.net MVC3做到这一点？

So does any of you know of a way to do this in asp.net mvc3?

推荐答案

我不知道，但也许这个提议可以帮你老兄
让觉得你有一个这样的网址

i am not sure but maybe this offer can help you dude lets think you have a url like this

www.yoursite.com/home.aspx

好吗？为避免你的用户直接眉头此页面，您可以重写你url可像这样

ok? to avoid your user to directly brows this page you can rewrite you url like this

www.yoursite.com/fdmf489ruv30/home.aspx

和此URL中的部分fdmf489ruv30是一个唯一字符串创建它在session_start，并会破坏它Session_End中

and in this url the part "fdmf489ruv30" is a unique string that you created it on session_start and will destroy it on session_end

你得到它还是需要这个想法更多的描述？
你可以搜索这种URL重写的纨绔子弟。

do you get it or need more description about this idea?! you can search this kind of url rewriting dude.

这篇关于拒绝采取行动法直接URL访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！