ASP.NET MVC - 验证路由的存在 [英] ASP.NET MVC - Verify the Existence of a Route

问题描述

我的ASP.NET MVC应用程序有这样一个场景，用户输入可以直接（通过字符串方式）影响到RedirectToAction（）的调用的目标，并有机会，用户可以创建，如果运行时错误输入不当导致他们请求不存在的动作。我想prevent这个问题顾左右而言他，但我想在尽可能少收税的方式来做到这一点，因为它必须在大量请求来完成。话虽这么说，反思将是一个可行的解决方案中使用，以确认/控制器/ ActionName确实存在，但反射是pretty沉重的操作。

My ASP.NET MVC application has a scenario where user input can directly influence the target of a call to RedirectToAction() (by way of a string) and there is a chance that the user could create a run-time error if improper input leads them to request an action that does not exist. I'd like to prevent this problem outright, but I'd like to do so in the least taxing way possible as it must be done on a large number of requests. That being said, reflection would be a viable solution to use to confirm that /Controller/ActionName actually exists, but reflection is a pretty heavy operation.

什么是确认在ASP.NET MVC应用程序指定的URL实际上是在连接到控制器操作的最佳方式？

What would be the best way to confirm that a given Url in an ASP.NET MVC application is in fact wired to a controller action?

推荐答案

我最终采取这里的路线是反思和包含所有存储在应用程序的[]相关负责人的有效操作的字典。有效的操作是通过检查方法的返回类型并验证它是（或从派生）的ActionResult并且它不是独立确定。我可以做一些更多的检查，但这些都是足够了。

The route I ended up taking here was reflection and a Dictionary containing all of the valid actions in the relevant Controller which is stored in Application[]. A valid Action is determined by checking the method's ReturnType and verifying that it is (or derives from) ActionResult and that it is not Private. I could do some more checks, but these are sufficient for now.

public static bool MethodIsAction(MethodInfo method)
{
    if (method == null)
        throw new ArgumentNullException("Invalid Parameter: method cannot be null.");

    if (method.ReturnType != typeof(ActionResult) && method.ReturnType.BaseType != typeof(ActionResult))
        return false;

    if (method.IsPrivate)
        return false;

    return true;
}

的动作的词典是建立与内部的Application_Start以下方法：

The dictionary of actions is built with the following method inside Application_Start:

public static Dictionary<string, MethodInfo> GetActionDictionary(Type controller)
{
    Dictionary<string, MethodInfo> dict = null;

    var methods = controller.GetMethods().Where(MethodIsAction);
    if (methods.Any())
    {
        dict = new Dictionary<string, MethodInfo>(StringComparer.OrdinalIgnoreCase);
        foreach (var action in methods)
            dict.Add(action.Name, action);
    }
    return dict;
}

当用户请求一个合格的动作，我只是在字典点操作名称和是否存在MethodInfo的该行动的名字我调用它。虽然它仍然需要反思，它至少优化，使得它的应用程序运行时，只会发生一次。

When a user requests a qualifying action I simply point the action name at the Dictionary and if a MethodInfo exists for that action name I invoke it. While it still requires reflection, it's at least optimized so that it only ever happens once while the application is running.

这篇关于ASP.NET MVC - 验证路由的存在的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！