避免用户在浏览器中输入网址导航到一个视图 [英] Avoiding user to navigate to a view by entering url in the browser
问题描述
我在我想避免用户通过输入网址进入Browser.But可以导航到该视图上点击到其作用导航到该视图按钮,浏览到一个视图的情况下被卡住。
I am stucked in a situation where I want to avoid user to navigate to a View by entering URL into the Browser.But can navigate to that view on clicking to a button whose action navigate to that view.
有关比如:我有一个HREF链接到的ActionResult(创建)。我希望用户导航到该视图(创建)该链接上单击,但是当它进入不是网址在浏览器例如(/创建)
For eg:I have a href link to an ActionResult(Create).I want the user to navigate to this view(Create) when clicked on that link but not when it enters the url in the browser like (/Create).
当我发现了一些这方面的解决方案门户网站,如:
I found some solutions on this portal like:
1)使ActionResult的私人但这会导致的Http:404找不到页面错误在两个输入URL ,浏览器和其点击导航到创建的ActionResult链接
1)Making the ActionResult private-But this results in Http:404 Page not found Error by both entering the URL in the browser and on clicking the link which navigates to Create ActionResult.
简称链接:是否我可以防止某些partialViews如果从直接要求被服务?
2)上的ActionResult Method.But使用DataAnnotaion [ChildActionOnly] 这也是多年平均值给了我想要的结果,它给了我一个错误太同样的错误HTTP:404
referred links: Is it i possible to prevent certain PartialViews from being served if requested directly? 2)Using DataAnnotaion [ChildActionOnly] on the ActionResult Method.But this also doesnot gave me the desired result,it gave me an error too.The same error HTTP:404.
3)我试图使用 ControllerContext.IsChildAction 但alwayz返回值false我是否导航到此的ActionResult的链接点击或输入网址所以我不能判断为do.if它返回一个案例true或其他虚假的我会在任何情况下都重定向解决了我的问题。
3)I tried using ControllerContext.IsChildAction but it alwayz return value false whether i navigate to this ActionResult on link click or entering the URL so I cant judge what to do.if it returns true in one case or false in other I would have solved my problem by redirecting in any case.
帮我家伙..
推荐答案
鉴于这个问题下评论的信息,你几乎肯定不希望使用Request.UrlReferrer,因为这个值的可以平凡伪造并因此不应该被用于任何安全目的。
Given the information in the comments under the question, you almost certainly do not want to use Request.UrlReferrer, as this value can be trivially spoofed and so should not be used for any security purposes.
您几乎可以肯定想看看授权过滤器(尤其是您可以使用的 AuthorizeAttribute 为起点),以防止未经授权的客户端调用操作方法。
You almost certainly want to look at Authorization filters (and in particular you can use the AuthorizeAttribute as a starting point) to prevent unauthorized clients invoking the action method.
这篇关于避免用户在浏览器中输入网址导航到一个视图的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
