ASP.NET中的安全性问题 [英] Security issue in ASP.NET

问题描述

亲爱的所有人，

我已经开发了一个ASP.NET网站.

有一个登录页面，用户可以通过该页面登录以浏览后续页面.

但是有一个问题，如果他登录，然后复制下一页的URL，然后关闭当前页面，然后打开一个新的浏览器，然后复制粘贴该URL就可以在不登录的情况下打开该页面.

登录页面为绕过".

有人可以建议我如何克服这个问题吗?我猜想使用Session变量，但是谁能解释??

在Advance中感谢

Dear All,

I have developed an ASP.NET website.

There is a Login Page through which an user can login to navigate through the subsequent pages.

But there is a problem, if he logs in and then he copies the URL of the next page and closes the current pages and then opens a new browser, copy-pastes the URL he is able to open the page without logging in.

The login page is By-Passed.

Can anybody suggest me how to overcome this ?? Using Session variables I guess but how can anybody explain ??

Thanks in Advance

推荐答案

一种方法可能是在方法中设置一个会话变量，以进行登录过程，这样，一旦用户正确登录，您就可以设置一个表示该变量的会话变量.

也许像:

Session["LoggedIn"] = true;

在随后的每个页面上，您都使用类似以下内容的代码进行测试:

One way might be to set a session variable in the method that carrie sout the login procedure such that, once the user is properly logged in, you set a session variable denoting that.

Perhaps like:

Session["LoggedIn"] = true;

On each subsequent page you test for this with something like:

if (!Convert.ToBoolean(Session["LoggedIn"]))
{
    // Display a warning and/or redirect to login page.
}

您可能希望使其比这种简单的伪代码健壮得多，并且要好得多，但是它应该至少可以给您一个提示.

You''d want to make it much more robust and far better than this simplistic pseudo-code but it should give you at least one idea.

SQL注入 [ ^ ]

这篇关于ASP.NET中的安全性问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！