如何防止用户通过搜索栏访问路线?
How do I prevent a user from accessing a route through the search bar?
我正在开发这个 Dotnet 核心 MVC/Razor 页面应用程序,它应该阻止用户通过搜索栏访问某些控制器路由,除非他们在注册表单中指定它。我如何实现这一目标? dotnet core MVC 有这个关键字吗?我卡住了。 Identity/Account/Register 显示注册的一些相关代码如下
[Required]
[Display(Name = "Choose businesslisting or choice")]
public string Decision { get; set; }
}
public void OnGet(string returnUrl = null)
{
ReturnUrl = returnUrl;
}
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
var user = new IdentityUser { UserName = Input.Email, Email = Input.Email };
var result = await _userManager.CreateAsync(user, Input.Password);
if (Input.Decision == "Business Listing" || Input.Decision == "business listing")
{
if (result.Succeeded)
{
_logger.LogInformation("User created a new account with password.");
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Page(
"/Account/ConfirmEmail",
pageHandler: null,
values: new { userId = user.Id, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Change your password",
$"Please change your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
await _signInManager.SignInAsync(user, isPersistent: false);
return LocalRedirect(returnUrl);
}
}
我将从 ASP.NET 核心授权文档开始 https://docs.microsoft.com/en-us/aspnet/core/security/authorization/introduction?view=aspnetcore-2.2
您可能会发现基于声明的身份验证在这种情况下很有用 https://docs.microsoft.com/en-us/aspnet/core/security/authorization/claims?view=aspnetcore-2.2
创建用户后,您可以添加允许他们访问特定 controllers/urls.
的特定声明
我正在开发这个 Dotnet 核心 MVC/Razor 页面应用程序,它应该阻止用户通过搜索栏访问某些控制器路由,除非他们在注册表单中指定它。我如何实现这一目标? dotnet core MVC 有这个关键字吗?我卡住了。 Identity/Account/Register 显示注册的一些相关代码如下
[Required]
[Display(Name = "Choose businesslisting or choice")]
public string Decision { get; set; }
}
public void OnGet(string returnUrl = null)
{
ReturnUrl = returnUrl;
}
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
var user = new IdentityUser { UserName = Input.Email, Email = Input.Email };
var result = await _userManager.CreateAsync(user, Input.Password);
if (Input.Decision == "Business Listing" || Input.Decision == "business listing")
{
if (result.Succeeded)
{
_logger.LogInformation("User created a new account with password.");
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Page(
"/Account/ConfirmEmail",
pageHandler: null,
values: new { userId = user.Id, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Change your password",
$"Please change your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
await _signInManager.SignInAsync(user, isPersistent: false);
return LocalRedirect(returnUrl);
}
}
我将从 ASP.NET 核心授权文档开始 https://docs.microsoft.com/en-us/aspnet/core/security/authorization/introduction?view=aspnetcore-2.2
您可能会发现基于声明的身份验证在这种情况下很有用 https://docs.microsoft.com/en-us/aspnet/core/security/authorization/claims?view=aspnetcore-2.2
创建用户后,您可以添加允许他们访问特定 controllers/urls.
的特定声明