ASP.NET MVC - 检查请求来自另一个动作 [英] ASP.NET MVC - Check if request comes from another action

问题描述

有没有一种简单的方法来检查，如果请求来自我的应用程序内的动作？

Is there a simple way to check if a request comes from an action inside my app?

我建立的电子邮件确认页面上我工作的一个网站，我想显示不同的要求不同起源的文本。

I'm building the email confirmation page on a site I'm working on, and I'd like to show different texts on different request origins.

• 如果用户来自另一个动作：在（如寄存器操作）我
  应用，然后我只是想显示的文本，就像这样：
  感谢x上注册，请确认与您的帐户
  鉴于你从我们这里得到了电子邮件中的链接。

• If a user comes from another action (eg: the register action) in my app, then I simply want to show a text saying something like: "Thanks for registering on x, please confirm your account with the given link in the email you got from us.."

如果一个用户来我的应用程序之外，那么他probabely希望
确认他或她的帐户，所以我会告诉其他文本根据
确认的成功。或者，也许他/她是一名黑客，并希望插入malcious code。在查询字符串。

If a user comes outside of my app, then he probabely wants to confirm his or her account, so I'll show another text depending on the success of the confirmation. Or maybe he's/she's a hacker, and wants to insert malcious code in the querystring.

为什么我要做到这一点，你可能会问。好了，我的客户是真正热心的安全，我想检查该网站上几乎所有的要求，这样他就可以在和平睡觉:)

Why I need to do this, you may ask. Well, my client is really enthusiastic about security, and I'd like to check almost every request on the site, so he can sleep in peace :)

推荐答案

简单检查 UrlReferrer PROPERT，它（的请求的属性，它是控制器的属性）：

Simply check the UrlReferrer propert, it's a property of the Request(which is a property of the controller):

if (Request.UrlReferrer.ToString().StartsWith("The domain"))

您可以使用此还有：

if (Request.UrlReferrer.Host == Request.Url.Host)

顺便说一句，因为你关心安全性，要知道，请求可以很容易地编辑和含有虚假数据。验证基于它的数据每一项要求，不依赖于previous URL和等。

By the way, since you care about security, be aware that requests can easily be edited and contain false data. validate every request based on it's data, don't rely on previous urls and such.

这篇关于ASP.NET MVC - 检查请求来自另一个动作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！