MVC best practice for view validation?

What is considered best practice for the following example:

  • Change Password - Normal, enter username, current password, new password, confirm password
  • Change Password - Password recovery, email has link that goes to this page sending a parameter which contains, let's say, username and new system changed password, View shows only new password and confirm password.
  • Change Password - The above link has an invalid param and shows that this link is broken

Are these 3 separate views? Or the same view with multiple route options?

ActionResult ChangePassword()
ActionResult ChangePassword(string token)
{
    // if bad token show this error view partial? set viewdata item and let cshtml decide what to show?
}

Or is a situation like this not really all that logical?

I would separate it into 2 pages:

Change Password

  • user always enters old password and new one, new one twice for confirmation
  • no need to get username because they should be authenticated already
  • do not allow URL parameters to pre-populate values
  • use a CSRF token

Reset Password

  • only linked to from email with valid unique param
  • user only enters new password, twice for confirmation
  • no need to get username, URL param set by email already identifies user
  • do not use URL params to send anything else, e.g. temp passwords or usernames
  • no need to use CSRF token, other unique param already blocks against forgery

These two pages seem to operate differently enough that I think you would be better off using separate views, actions, & view models. If you get to the end though, there is nothing wrong with refactoring to remove duplication, but I would predict they will not be as similar as you anticipate.
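An added example, not part of the original answers or of any project's code, sketching how the unique parameter in the emailed reset link can identify the user without carrying a username or password, and how an invalid value leads to the "link is broken" view. The class and method names, the in-memory store, the 30-minute lifetime and the single-use rule are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory store; a real application would persist these rows and purge expired ones.
public class PasswordResetTokens
{
    private class Entry { public string UserId; public DateTime ExpiresUtc; }
    // Keyed by the SHA-256 of the token, so a leaked table does not yield usable links.
    private readonly ConcurrentDictionary<string, Entry> _byHash = new ConcurrentDictionary<string, Entry>();

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // Returns the opaque value for the emailed link; it encodes no username or password.
    public string Issue(string userId, TimeSpan lifetime)
    {
        var raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        _byHash[Hash(token)] = new Entry { UserId = userId, ExpiresUtc = DateTime.UtcNow + lifetime };
        return token;
    }

    // Returns the user id, or null for a missing, unknown, expired or already-used token.
    // consume=false for the GET that renders the form, consume=true for the POST that sets the password.
    public string Validate(string token, bool consume)
    {
        if (string.IsNullOrEmpty(token)) return null;
        Entry e;
        bool found = consume ? _byHash.TryRemove(Hash(token), out e) : _byHash.TryGetValue(Hash(token), out e);
        return found && e.ExpiresUtc > DateTime.UtcNow ? e.UserId : null;
    }

    public static void Main()
    {
        var store = new PasswordResetTokens();
        string token = store.Issue("user-42", TimeSpan.FromMinutes(30)); // constructed sample user id
        Console.WriteLine("bogus: " + (store.Validate("bogus", false) ?? "(null: render the 'link is broken' view)"));
        Console.WriteLine("GET:   " + store.Validate(token, false));
        Console.WriteLine("POST:  " + store.Validate(token, true));
        Console.WriteLine("reuse: " + (store.Validate(token, true) ?? "(null: render the 'link is broken' view)"));
    }
}
```

A Reset Password action would call `Validate(token, false)` to choose between the form and the error view, and `Validate(token, true)` when the new password is submitted.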

I think you could get away with a single View, you just need to build a robust enough ViewModel:

 public class ChangePasswordViewModel {
     public string OldPasswordHash { get; set; } //Remember never to store password in clear text
     public string NewPassword { get; set; }
     public string RecoveryToken { get; set; }
 }

Based on these properties, you should have all you need to flesh out the presentation logic in your View to cover off all the use cases you describe above. Let me know if you need further guidance.

I think the best validation for ASP.NET MVC is "Validation Attributes" on what you want to validate.
