在asp.net中限制书签/收藏夹请求（安全问题） [英] restricting bookmarks / favourites requests (security issue) in asp.net

问题描述

我有.net应用程序，当用户输入用户名&进入应用程序时密码，用户将在Chrome中创建书签或IE8中的收藏夹，当用户点击与该.net登录应用程序相关的收藏夹时，需要将用户重定向到登录页面，即使会话/表单令牌还活着，这个问题与安全性有关。



这种功能见于银行网站（www.onlinesbi.com，www.axisbank.com），



如果有人知道，请帮助我实施该程序。



谢谢

解决方案

我认为简单的 ASP.NET应用程序不能限制浏览器的整体事件，例如BookMark，Favorites等。可能有些 ActiveX 对象可以处理这些事件，但这些对象也会有自己的专业知识。利弊。



参考 ASP.NET可以做什么和不能做什么 [ ^ ]了解更多。



希望它有所帮助。

你不需要考虑用户有哪些加入书签。书签并不意味着它允许随时访问用户。您的应用程序决定是否允许访问此请求[基于某些条件]。



您正在谈论的安全性可以使用例如表单身份验证这里有一个非常基本的例子。



如何：实现简单表单身份验证[ msdn ] [ ^ ]



应用此概念后，任何未经身份验证的用户都将被重定向到登录页面。在使用安全性时，这将为您提供更高的准确性。



：



IE选项卡和IE8之间共享的ASP.NET会话状态 [ ^ ]。



asp.net - 会话 - 多个浏览器标签 - 不同会话？ [< a href =http://stackoverflow.com/questions/2840615/asp-net-session-multiple-browser-tabs-different-sessionstarget =_ blanktitle =New Window> ^ ]



我认为这就是你需要的东西。



问候......：笑：

i have .net application, when the user enters in to application by entering username & password, user will creates bookmark in chrome or favourites in IE8, when ever user clicks on favourite related to that .net logged in app, need to redirect user to login page even though session / forms token is alive, this issue related to security.

this kind of functionality saw in bank sites(www.onlinesbi.com,www.axisbank.com),

if any one knows, pls help me the procedure to implement.

thank you

解决方案

Hi,
I think simple ASP.NET application cannot restrict the browser's integral events such as "BookMark", "Favorites" etc. May be some ActiveX objects could handle those events, but again those objects will have its own pros & cons.

refer What ASP.NET Can And Cannot Do[^] for more.

hope it helps.

You dont need to think about what user has bookmarked. Bookmarking doesnt mean that it allows access to user at anytime.Its your application who decides whether to allow acces to this request or not [based on some conditions].

The security you are talking about can be easily achieved using e.g. Forms Authentication. A very basic example can be found here.

How to: Implement Simple Forms Authentication[msdn][^]

After applying this concept, Any unauthenticated user will be redirected to Login page. This will give you more accuracy while working with the security.

[EDIT]:

ASP.NET Session State shared between IE Tabs and IE8[^].

asp.net - session - multiple browser tabs - different sessions?[^]

I think this is the thing what you needed.

Regards.. :laugh:

这篇关于在asp.net中限制书签/收藏夹请求（安全问题）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！