仅当它们来自另一个特定页面上的链接时，才允许访问网站上的特定页面 [英] Allow access to a certain page on a site, only if they come from a link on another certain page

问题描述

对于我的ASP.NET MVC网站，如果用户来自另一个特定页面上的链接(该页面可能来自完全不同的URL)，我想允许访问特定页面，仅

For my ASP.NET MVC website, I want to allow access to a certain page, only if the user comes from a link on another certain page (that page could be from completely different URL).

示例:

如果用户来自 www.MySite.com/上的链接，我希望允许其访问 www.MySite.com/thispage ，仅 .那个页面或 www.MyOtherSite.com/thatpage

I want to allow a user access to www.MySite.com/thispage, only if they come from a link on www.MySite.com/thatpage or www.MyOtherSite.com/thatpage

这怎么完成?

推荐答案

您需要检查您可以使用

Request.UrlReferrer

也就是说，这不是真正的安全性.有人可以手动设置浏览器的引荐来源标头.

That said, this isn't real security. Someone could set the referer header of their browser manually.

如果这只是防止热链接的一种方式，那就很好.但是，如果仅使用此方法使人们远离私人/安全信息，则需要实现某种真实形式的身份验证/授权.

If this is just a means of preventing hotlinking, it's fine. But if you're only using this to keep people out of private/secure information, you'll want to implement some real form of authentication/authorization.

这篇关于仅当它们来自另一个特定页面上的链接时，才允许访问网站上的特定页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！