在MVC Razor中注销后用户按“后退”按钮时,如何防止身份验证?
[英]How to Prevent Authentication when User Press Back button after signout in MVC Razor?
问题描述
I have written the code for preventing user Authentication in my GET Method like below 
我已经在GET方法中编写了用于防止用户身份验证的代码,如下所示
if (!string.IsNullOrEmpty(Session["UserName"].ToString()))
{
MyConnection mycon = new MyConnection();
string str = "";
int res = 0;
if (Request.QueryString.ToString().Contains("ID1"))
{
str = "Delete from PostTable where PostID=" + Request.QueryString["ID1"];
res = mycon.IODPost(str);
}
return View(AllPostList());
}
else
{
return RedirectToAction("Home", "Home");
}
but when i press Back button in browser after signout, the page is postback to the previous page which can't be done.. so what should i do to prevent this? 但是,当我注销后按浏览器中的“后退”按钮时,该页面将回退到上一页,这是无法完成的..那么我该怎么做才能防止这种情况发生?
1 个解决方案
解决方案1
0 2013-07-19 14:43:36
so there are several bad practices in your example. 因此,您的示例中存在几种不良做法。
be aware of sql injection - use ADO.NET SqlCommand and SqlCommandParameter classes to create queries.
注意SQL注入-使用ADO.NET SqlCommand和SqlCommandParameter类创建查询。 ASP MVC has attributes like [Authorized] , [AllowAnonymous] that can guid your app workflow for each request.
ASP MVC具有[Authorized]和[AllowAnonymous]之类的属性,可以针对每个请求引导您的应用程序工作流。 You can add these at the controller lever, or method level. 您可以在控制杆或方法级别添加这些。 Check for null againts "Session["UserName"].ToString()"
检查null再次“ Session [” UserName“]。ToString()”
Some links : 一些链接:
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx http://msdn.microsoft.com/zh-CN/library/system.data.sqlclient.sqlcommand.parameters.aspx
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute(v=vs.108).aspx#using_authorizeattribute http://msdn.microsoft.com/zh-CN/library/system.web.mvc.authorizeattribute(v=vs.108).aspx#using_authorizeattribute
hope this helps 希望这可以帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.