仅当它们来自另一个特定页面上的链接时,才允许访问网站上的特定页面 [英] Allow access to a certain page on a site, only if they come from a link on another certain page
问题描述
对于我的ASP.NET MVC网站,如果用户来自另一个特定页面上的链接(该页面可能来自完全不同的URL),我想允许访问特定页面,仅
For my ASP.NET MVC website, I want to allow access to a certain page, only if the user comes from a link on another certain page (that page could be from completely different URL).
示例:
如果用户来自 www.MySite.com/上的链接,我希望允许其访问 www.MySite.com/thispage ,仅 .那个页面或 www.MyOtherSite.com/thatpage
I want to allow a user access to www.MySite.com/thispage, only if they come from a link on www.MySite.com/thatpage or www.MyOtherSite.com/thatpage
这怎么完成?
推荐答案
您需要检查您可以使用
Request.UrlReferrer
也就是说,这不是真正的安全性.有人可以手动设置浏览器的引荐来源标头.
That said, this isn't real security. Someone could set the referer header of their browser manually.
如果这只是防止热链接的一种方式,那就很好.但是,如果仅使用此方法使人们远离私人/安全信息,则需要实现某种真实形式的身份验证/授权.
If this is just a means of preventing hotlinking, it's fine. But if you're only using this to keep people out of private/secure information, you'll want to implement some real form of authentication/authorization.
这篇关于仅当它们来自另一个特定页面上的链接时,才允许访问网站上的特定页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!