堆栈内存溢出
  简体   繁体   English

ASP.Net在没有表单身份验证的情况下保护我的页面

[英]ASP.Net Protecting My Page without Forms Authentication

 原文  2009-08-13 15:52:34       c#/ asp.net/ asp.net-membership

问题描述

I have a web application which has Forms Authentication however one of the pages has to be accessed via a 3rd party application. 我有一个具有表单身份验证的Web应用程序,但是其中一个页面必须通过第三方应用程序访问。 This 3rd party app sends its request with querystring parameters and data is returned. 此第三方应用程序发送带有querystring参数的请求,并返回数据。 This page has been setup so Forms Authentication does not apply to it. 此页面已设置,因此表单身份验证不适用于此页面。

I do not want this data available if someone finds the URL that the 3rd party app is using (and their is a high chance of this happening) and they put it in the browser. 如果有人找到了第三方应用程序正在使用的URL(并且发生这种情况的可能性很大)并将他们放在浏览器中,我就不希望获得这些数据。

How is this possible? 这怎么可能?

2 个解决方案

解决方案1
 1  2009-08-13 15:59:06

Well, depending on what you are doing there a few things. 好吧,这取决于您在做什么。

  1. If the third party application will always be calling from the same IP you could limit based on request IP, but not 100% fool-proof 如果第三方应用程序始终使用相同的IP进行呼叫,则可以基于请求的IP进行限制,但不能100%可靠
  2. If you are concerned about people stealing the link DO NOT pass authentication via querystring, as then they have everything setup 如果您担心有人在窃取链接,请不要通过querystring通过身份验证,因为这样他们就可以进行所有设置
  3. Potentially look at implementing basic authentication at the IIS level, if the 3rd party can pass credentials through their request 如果第三方可以通过其请求传递凭据,则可以考虑在IIS级别实现基本身份验证

Added Detail 增加了细节

Per your request, here is a link on how to setup basic authentication. 根据您的请求,以下是有关如何设置基本身份验证的链接。 Basic IIS Authentication . 基本IIS身份验证

This should work out well in your case. 在您的情况下,这应该可以很好地解决。

解决方案2
 0  

I don't know if this will work for the situation you are describing, but you might try calling 我不知道这是否适用于您描述的情况,但您可以尝试致电 

MembershipUser User = Membership.GetUser();

In your Page_Load method for the page in question and checking to see if a valid user was returned. 在您所涉及页面的Page_Load方法中,并检查是否返回了有效用户。 This is probably not a perfect solution though, as it would only block authenticated users. 但是,这可能不是一个完美的解决方案,因为它只会阻止经过身份验证的用户。

What are the circumstances that would allow a user to find the link to this page? 在什么情况下允许用户找到此页面的链接? Also, do you have any sort of control over how the 3rd party app is sending its request? 另外,您对第三方应用程序发送请求的方式有任何控制权吗?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 asp.net使用ssl无需登录页面即可进行身份验证 - asp.net forms authentication without login page using ssl 保护asp.net页面中的密码viewstate - Protecting password viewstate in asp.net page asp.net表单-保护表单(或文件夹)免受未经身份验证的用户的侵害 - asp.net forms - protecting forms(or folders) from unauthenticated users 如何在不禁用表单身份验证的情况下在ASP.NET中获取LogonName - How to get the LogonName in ASP.NET without disabling Forms Authentication 没有表单身份验证的ASP.NET MVC 5单点登录模式 - ASP.NET MVC 5 Single Sign On pattern without Forms Authentication ASP.NET表单身份验证-不重定向到任何页面 - ASP.NET Forms Authentication - not redirecting to any page ASP.NET表单身份验证和Windows身份验证 - ASP.NET Forms Authentication and Windows Authentication 没有登录页面的ASP.NET自定义身份验证 - ASP.NET Custom authentication without login page 我的ASP.NET页中的表单身份验证方法 - Form authentication method in my ASP.NET page 差异Asp.net表单和无身份验证 - Difference Asp.net Forms and None Authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM