ASP.NET中的安全性问题 [英] Security issue in ASP.NET
问题描述
亲爱的所有人,
我已经开发了一个ASP.NET网站.
有一个登录页面,用户可以通过该页面登录以浏览后续页面.
但是有一个问题,如果他登录,然后复制下一页的URL,然后关闭当前页面,然后打开一个新的浏览器,然后复制粘贴该URL就可以在不登录的情况下打开该页面.
登录页面为绕过".
有人可以建议我如何克服这个问题吗?我猜想使用Session变量,但是谁能解释??
在Advance中感谢
Dear All,
I have developed an ASP.NET website.
There is a Login Page through which an user can login to navigate through the subsequent pages.
But there is a problem, if he logs in and then he copies the URL of the next page and closes the current pages and then opens a new browser, copy-pastes the URL he is able to open the page without logging in.
The login page is By-Passed.
Can anybody suggest me how to overcome this ?? Using Session variables I guess but how can anybody explain ??
Thanks in Advance
推荐答案
一种方法可能是在方法中设置一个会话变量,以进行登录过程,这样,一旦用户正确登录,您就可以设置一个表示该变量的会话变量.
也许像:
Session["LoggedIn"] = true;
在随后的每个页面上,您都使用类似以下内容的代码进行测试:
One way might be to set a session variable in the method that carrie sout the login procedure such that, once the user is properly logged in, you set a session variable denoting that.
Perhaps like:
Session["LoggedIn"] = true;
On each subsequent page you test for this with something like:
if (!Convert.ToBoolean(Session["LoggedIn"]))
{
// Display a warning and/or redirect to login page.
}
您可能希望使其比这种简单的伪代码健壮得多,并且要好得多,但是它应该至少可以给您一个提示.
You''d want to make it much more robust and far better than this simplistic pseudo-code but it should give you at least one idea.
SQL注入 [ ^ ]
这篇关于ASP.NET中的安全性问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!