asp.net网站安全 [英] asp.net website security
问题描述
你好,
我正在开发一个ASP.NET网站,我有一个数据输入页面,该页面只能使用登录控件进行访问.
我的问题是,当我使用浏览器的后退"按钮或单击注销离开数据输入页面时,我被重定向到上一页或所需的页面,这很好,但是如果我单击在浏览器的转发"按钮上,我被重定向到我的数据输入页面,而没有提示您输入任何登录信息.
我想要的是随时尝试访问数据输入页面的时候,尤其是在使用浏览器导航按钮时,我想首先重定向到登录页面,以便我可以输入登录凭据.
预先感谢,
您忠实的
Martin
Hi there,
I am developing an ASP.NET website, I have a data entry page which i can only access using a login control.
My problem is, when I navigate away from my data entry page using the ''Back'' button of my browser or by clicking on logout, I am redirected to the previous page or my desired page, which is good, but if I click on the ''Forward'' button of my browser, I am redirected to my data entry page without being prompted for any login information.
What I want is any time I try to access my data entry page, especially when using the browser navigation buttons, I want to be redirected to login page first so that I can enter in my login credentials.
Thanks in advance,
Yours faithfully
Martin
推荐答案
这种情况是由于缓存而引起的.
如果适合您,处理它的一种方法可以是:
1.清除会话
2.清除缓存,使浏览器没有历史记录(这将使浏览器中的后退/前进"按钮变为灰色).
清除缓存的代码可以放在下面的代码中:
This happens because of cache.
If it suits you, one way to handle it can be:
1. clear the sessions
2. clear the cache such that browser has no history (this will make back/forward button in browser grayed out disabled.)
code for clearing cache can be put up in code behind as follows:
// Code disables caching by browser. Hence the back browser button
// grayed out and could not causes the Page_Load event to fire
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
您可以将类似的东西添加为aspx格式:
You can add somethin similar in form aspx if you want to place it there:
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0"></meta></meta></meta>
类似地:
您可以通过JavaScript或Codebehind清除浏览器历史记录....
Similarly:
You can clear browser history through JavaScript or Codebehind....
//clears browser history and redirects url
<SCRIPT LANGUAGE=javascript> { var Backlen=history.length; history.go(-Backlen); window.location.href=page url }</SCRIPT>
或
OR
Page.ClientScript.RegisterStartupScript(this.GetType(),"cle","windows.history.clear",true);
或者如您在登出事件中所说:
OR as you say in you logout event:
protected void LogOut()
{
Session.Abandon();
string nextpage = "Logoutt.aspx";
Response.Write("<script language=javascript>");
Response.Write("{");
Response.Write(" var Backlen=history.length;");
Response.Write(" history.go(-Backlen);");
Response.Write(" window.location.href='" + nextpage + "'; ");
Response.Write("}");
Response.Write("</script>");
}
如果遇到问题,只用Google即可!
Just Google it if you face issues!
清除会话和cookie..
而且即使浏览器缓存将您重定向到该页面,您也不必担心破坏了cookie和会话,您将必须登录页面才能执行任何操作.
clear the session and cookies..
and also you don''t need to worry as if you destroy cookies and session even if the browser cache redirects you to that page, you ll have to login for the page to perform any operation.
我确定您没有使用IE.因此,请放心,用户只能看到页面,但是当他进行回发或进一步导航时,他们将被重定向回主页,直到他们登录为止.您看到的页面是服务器上未缓存的页面.
I''m sure you are not using IE. So do not worry, the user can only see the page but when (s)he do a postback or further navigation, they will be redirect back to home until they log in. The page you are seeing is cached page not real from server.
这篇关于asp.net网站安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
