ASP.NET MVC: How to make URLs that look like POST, not GET

So normally I have links like:

http://domain.com/action?some=1&foo=2

and so on. It makes me really upset, as some clever users might just reinvent the link on their own and get access to some data, which is not desirable. I know I can set up security on the server side, but I'd like to make links look like:

http://domain.com/action

And 'some' and 'foo' are sent like a POST request.

Actions in ASP.NET MVC don't distinguish between Post and Get as far as the parameters to the actions are concerned. However, you can start by marking your actions with the attribute [HttpPost]. This will limit the request options to post only.

Now to the second "issue": you need to change all your links so that you use post instead of get. You can do this by using ajax; check out $.post in jQuery for that.

This doesn't solve any security issues with your parameters though; it generally doesn't matter if you show it in the querystring or if it is sent by a post. If someone wants to inject something into your post-data, it's not rocket science.

You have to wrap it in a form for it to work, with the inputs being hidden. On the server side you have to restrict the action to only responding to a POST request. However, this doesn't really solve your problem, as a sufficiently interested and knowledgeable user can just as easily craft a POST as a GET.

You can add a form to the view and apply the [HttpPost] attribute to the action which will take the model after the post.

Adding a form to the Razor view (you will also need a button or a link to submit):

@using (Html.BeginForm("SomeAction", "SomeController", FormMethod.Post, new { @id = "someFormId" }))
{
    @Html.HiddenFor(model => model.some)
    @Html.HiddenFor(model => model.foo)
}

And here is a Controller with an action to process your post:

public class SomeController : Controller
{
    [HttpPost]
    public ActionResult SomeAction(SomeModel model)
    {
        //process 'some' and 'foo' here
        return View(model);
    }
}

To enhance security you can easily encrypt/decrypt "some" and "foo" values.
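
An added example, not part of the original answers: since the answers point out that a crafted POST is as easy as a crafted GET, the check on who may see a record has to run inside the action itself. The `Record` type, the `RecordStore` class with its sample rows, the `int` type of `some`/`foo`, and treating `some` as a record id are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Assumed shape of the page's SomeModel; 'some' is treated as a record id.
public class SomeModel
{
    public int some { get; set; }
    public int foo { get; set; }
}

// Hypothetical record type and in-memory store (constructed sample data).
public class Record
{
    public int Id { get; set; }
    public string Owner { get; set; }
}

public static class RecordStore
{
    private static readonly Dictionary<int, Record> Rows = new Dictionary<int, Record>
    {
        { 1, new Record { Id = 1, Owner = "alice" } },
        { 2, new Record { Id = 2, Owner = "bob" } }
    };

    public static Record Find(int id)
    {
        Record row;
        return Rows.TryGetValue(id, out row) ? row : null;
    }
}

[Authorize] // unauthenticated requests never reach the action
public class SomeController : Controller
{
    [HttpPost]
    public ActionResult SomeAction(SomeModel model)
    {
        // model.some is client-controlled, hidden field or not.
        Record row = ModelState.IsValid ? RecordStore.Find(model.some) : null;

        // Same answer for "no such record" and "not yours", so ids cannot be probed.
        if (row == null || !string.Equals(row.Owner, User.Identity.Name, StringComparison.Ordinal))
            return HttpNotFound();

        return View(model);
    }
}
```

With this check in place, a user signed in as "alice" who posts `some=2` gets a 404 regardless of whether the value arrived from the hidden field or a hand-built request.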
