如何在安全页面上禁用书签 [英] How to disable bookmarking on secured pages

问题描述

在ASP.NET MVC4 Web应用程序中，如何防止在安全页面上添加书签。一种选择是我们可以使用状态管理技术将安全的bookmaked页面重定向到登录页面或会话过期的自定义页面。

但是有没有办法防止书签本身而不在客户端浏览器中进行任何设置？



我的尝试：



我们尝试过会话管理技巧如问题中所述。

In the ASP.NET MVC4 web application, how can I prevent the bookmarking on secured page. One option is we can redirect the secured bookmaked pages to login page or session expired custom page with the state management techniques.
But is there any way to prevent bookmarking itself without making any settings in the client browser?

What I have tried:

We have tried session management techniques as mentioned in the question.

推荐答案

您无法阻止网站标记您的网址。无论如何，我总是可以简单地复制网址并将其保存在文本文件中。您需要改变您对网站的看法，并妥善处理一切都是公开的事实，您不能限制或停止用户操作，您无法禁用浏览器功能等。

You can't prevent a site from book marking your urls. I could always simply copy the url and save it in a text file anyway. You need to change the way you think about websites and properly deal with the fact that everything is public and you can't restrict or stop the user doing things, you can't disable browser features etc.

好吧，如果您不希望用户转到特定地址，那么不要为每个页面使用不同的地址。



但是，您必须实施自己的代码才能发送到适当的控制器和操作。



通常，您不会关心它，只是验证参数对当前登录的用户有效。



另一种方法可以降低用户节省的可能性书签将使用iframe并将该页面放在iframe中，以便不向用户直接显示合理的地址。



显然，这不是很安全，但它可以很容易地保存所需的URL并且更难以保存不需要的URL。

Well, if you don't want user to go to specific address, then don't use distinct address for each page.

However, you would have to implement your own code to dispatch to appropriate controller and action.

Usually, you would not care about that and simply validate that the parameters are valid for the currently logged user.

Another way to make it less likely that the user would save a bookmark would be to use an iframe and put that page in an iframe so that the sensible address is not directly shown to the user.

Obviously, this is not very secure but it might to make easy to save desired URL and harder to save undesired one.

You can't keep a site from book denoting your urls. I could simply essentially duplicate the url and spare it in a content document at any rate. You have to change the way you consider sites and legitimately manage the way that everything is open and you can't confine or stop the client doing things, you can't cripple program highlights and so on.

这篇关于如何在安全页面上禁用书签的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！