限制问题 [英] restriction problem

问题描述

我在某个项目中有一个登录页面。

i have a login page in some project.

从这里重定向到另一个包含esri的项目查看者名称为
index.html 。

from here am redirecting to some another project which contains esri viewer name as index.html.

以管理员身份登录，将管理员名称作为查询字符串传递给该index.html页面。

whn am login as admin am passing the admin name as query string to that index.html page.

我的问题是在登录后复制该URL（http：// localhost：53552 / index.htm？id = admin）。

my problem is whn am copy that url after login (http://localhost:53552/index.htm?id=admin).

whn我注销并打开新的浏览器并粘贴此链接，它将重定向到该页面。

whn am logout and open new browser and paste this link it is redirect to that page.

但我的要求是限制该链接而不登录。

but my requierment is restrict that link without login.

这是我的web.config文件（index.html项目中的这个web.config）

<？xml version =" 1.0"？>

< configuration>

<?xml version="1.0"?>
<configuration>

  <！ - < appSettings>

    < add key =" AdvancedSearch" value =" http：// localhost：62460 / index.htm " />

  < / appSettings> - >

   

 < system.serviceModel>

  < behavior>

   < serviceBehaviors>

    < behavior name ="">

     < serviceMetadata httpGetEnabled = " true" />

     < serviceDebug includeExceptionDetailInFaults =" false" />

     ;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; <！ - 标注尺寸 - ><！ -

          < dataContractSerializer maxItemsInObjectGraph =" 2147483647" />
$
          < serviceThrottling maxConcurrentSessions =" 2147483647" maxConcurrentInstances = QUOT; 2147483647" />&NBSP;&NBSP;&NBSP;


          - ><！ - *********************** - >

     < / behavior>

   < / serviceBehaviors>

  < / behaviors>

  < serviceHostingEnvironment multipleSiteBindingsEnabled =" true" />

  < bindings>

   < basicHttpBinding>

    < binding name =" BasicHttpBinding_IService1" maxBufferSize =" 2147483647"

     maxReceivedMessageSize =" 2147483647">

     < security mode ="无" />
$
    < / binding>

   < / basicHttpBinding>

  < / bindings>

   

  < client>

   < endpoint address =" http：//csslsystem-362/WcfService1/Service1.svc " binding =" basicHttpBinding"

    bindingConfiguration = QUOT; BasicHttpBinding_IService1" contract =" ServiceReference1.IService1"

   名称= QUOT; BasicHttpBinding_IService1" />

  < / client>

   

 < /system.serviceModel>

 < system.web>

  < compilation debug = " true" />

    <！ - <认证&NBSP;模式= QUOT;表单">&NBSP;&NBSP;&NBSP;&NBSP;


      < forms loginUrl =" Logon.aspx"名称= QUOT; .ASPXFORMSAUTH" defaultUrl = QUOT; index.htm的" />&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;


    < /认证> - >&NBSP;

      <授权>

        <拒绝用户="？" />

        < allow users =" *" />

      < / authorization>

  < /system.web>

 

< / configuration>

  <!--<appSettings>
    <add key="AdvancedSearch" value="http://localhost:62460/index.htm" />
  </appSettings>-->
   
 <system.serviceModel>
  <behaviors>
   <serviceBehaviors>
    <behavior name="">
     <serviceMetadata httpGetEnabled="true"/>
     <serviceDebug includeExceptionDetailInFaults="false"/>
          <!--TAG FOR THE SIZE--><!--
          <dataContractSerializer maxItemsInObjectGraph="2147483647" />
          <serviceThrottling maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" />   
          --><!--***********************-->
    </behavior>
   </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
  <bindings>
   <basicHttpBinding>
    <binding name="BasicHttpBinding_IService1" maxBufferSize="2147483647"
     maxReceivedMessageSize="2147483647">
     <security mode="None" />
    </binding>
   </basicHttpBinding>
  </bindings>
   
  <client>
   <endpoint address="http://csslsystem-362/WcfService1/Service1.svc" binding="basicHttpBinding"
    bindingConfiguration="BasicHttpBinding_IService1" contract="ServiceReference1.IService1"
    name="BasicHttpBinding_IService1" />
  </client>
   
 </system.serviceModel>
 <system.web>
  <compilation debug="true"/>
    <!--<authentication  mode="Forms">    
      <forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH" defaultUrl="index.htm" />     
    </authentication>--> 
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
  </system.web>
 
</configuration>

这是我的登录页面web.config 档案

this is my loginpage web.config  file

<？xml version =" 1.0"？>

<?xml version="1.0"?>

<！ -

 有关如何配置ASP.NET应用程序的更多信息，请访问

  http://go.microsoft.com/fwlink/?LinkId=169433

  - >

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->

< configuration>

&NBSP; < connectionStrings>

    < add name =" ApplicationServices"

         connectionString =" data source = .\SQLEXPRESS; Integrated Security = SSPI; AttachDBFilename = | DataDirectory | \ aspnetdb.mdf; User Instance = true"

      ;&NBSP;&NBSP;&NBSP;的providerName = QUOT; System.Data.SqlClient的" />

  < / connectionStrings>

<configuration>
  <connectionStrings>
    <add name="ApplicationServices"
         connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  < system.web>

    < compilation debug =" true" targetFramework = QUOT; 4.0" />

  <system.web>
    <compilation debug="true" targetFramework="4.0" />

    < authentication mode =" Forms">

      < forms loginUrl ="〜/ Account / Login.aspx"超时= QUOT; 2880" />
$
    < / authentication>

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

    <会员资格>

      < providers>

        < clear />

        < add name =" AspNetSqlMembershipProvider"类型= QUOT; System.Web.Security.SqlMembershipProvider" connectionStringName =" ApplicationServices"

             enablePasswordRetrieval = QUOT假QUOT; enablePasswordReset设置= QUOT;真" requiresQuestionAndAnswer = QUOT假QUOT; requiresUniqueEmail =" false"

             maxInvalidPasswordAttempts = QUOT; 5英寸minRequiredPasswordLength = QUOT; 6英寸minRequiredNonalphanumericCharacters = QUOT; 0" passwordAttemptWindow =" 10"

            的applicationName = QUOT; /" />
$
      < / providers>

    < / membership>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

    <个人资料>

      < providers>

        < clear />

        < add name =" AspNetSqlProfileProvider"类型= QUOT; System.Web.Profile.SqlProfileProvider"的connectionStringName = QUOT; ApplicationServices" applicationName =" /" />

      < / providers>

    < / profile>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    < roleManager enabled =" false">

      < providers>

        < clear />

        < add name =" AspNetSqlRoleProvider"类型= QUOT; System.Web.Security.SqlRoleProvider"的connectionStringName = QUOT; ApplicationServices"的applicationName = QUOT; /" />
$
        < add name =" AspNetWindowsTokenRoleProvider"类型= QUOT; System.Web.Security.WindowsTokenRoleProvider"的applicationName = QUOT; /" />
$
      < / providers>

    < / roleManager>

    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>

  < /system.web>

  </system.web>

  < system.webServer>

     < modules runAllManagedModulesForAllRequests =" true" />

  < /system.webServer>

  < system.serviceModel>

    < behavior>

      < serviceBehaviors>

        < behavior name ="">

          < serviceMetadata httpGetEnabled =" true" />
$
          < serviceDebug includeExceptionDetailInFaults =" false" />
$
        < / behavior>

      < / serviceBehaviors>

    < / behaviors>

    < serviceHostingEnvironment multipleSiteBindingsEnabled =" true" />
$
    < bindings>

      < basicHttpBinding>

        < binding name =" BasicHttpBinding_IService1" closeTimeout =" 00：01：00"

          openTimeout = QUOT; 00：01：00" receiveTimeout = QUOT; 00：10：00" sendTimeout =" 00：01：00"

          allowCookies = QUOT假QUOT; bypassProxyOnLocal = QUOT假QUOT; hostNameComparisonMode =" StrongWildcard"

          MAXBUFFERSIZE = QUOT; 65536" maxBufferPoolSize = QUOT; 524288" maxReceivedMessageSize =" 65536"

          messageEncoding = QUOT;文本" textEncoding = QUOT; UTF-8英寸transferMode =" Buffered"

          useDefaultWebProxy =" true">

          < readerQuotas maxDepth =" 32" maxStringContentLength = QUOT; 8192" maxArrayLength =" 16384"

            maxBytesPerRead = QUOT; 4096" maxNameTableCharCount = QUOT; 16384" />
$
          < security mode =" None">

            < transport clientCredentialType =" None" proxyCredentialType =" None"

             境界= QUOT;" />
$
            < message clientCredentialType =" UserName" algorithmSuite = QUOT;默认" />
$
          < / security>

        < / binding>

      < / basicHttpBinding>

    < / bindings>

    < client>

      < endpoint address =" http：//csslsystem-297/WcfService1/Service1.svc "

       结合= QUOT; basicHttpBinding的" bindingConfiguration =" BasicHttpBinding_IService1"

       合同= QUOT; ServiceReference1.IService1"名称= QUOT; BasicHttpBinding_IService1" />
$
    < / client>

  < /system.serviceModel>

< / configuration>

  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_IService1" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
          allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
          messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
          useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="None">
            <transport clientCredentialType="None" proxyCredentialType="None"
              realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://csslsystem-297/WcfService1/Service1.svc"
        binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1"
        contract="ServiceReference1.IService1" name="BasicHttpBinding_IService1" />
    </client>
  </system.serviceModel>
</configuration>

推荐答案

将表单的Method更改为'POST'而不是'GET'。这将隐藏您传递的凭据。

Change the form's Method to 'POST' instead of 'GET'. That will hide the credentials you're passing.

这篇关于限制问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！