从同一域 C# 中的特定页面获取引荐来源网址
get referrer from a specific page in same domain C#
我的站点有 default.aspx 页面,您单击提交并进入 customerinfo.aspx 页面。但是,它们必须来自同一域中的 default.aspx 页面。如果推荐人为空,外部 link,或者他们的客户 ID 不存在,那么它会重定向回 default.aspx 页面,以便他们可以输入他们的信息,否则它会在 customerinfo.aspx 页。试图阻止从外部访问该页面 URL,如果您这样做,它会显示对象引用错误,但只需要重定向到默认页面。
Uri referrer = HttpContext.Current.Request.UrlReferrer;
if (referrer == null || string.IsNullOrEmpty(Request.UrlReferrer.ToString()) && string.IsNullOrEmpty(Session["customerID"].ToString()))
{
//This section is skipped because it's not a null referrer.
Response.Redirect(url: "default.aspx", endResponse: false);
return;
}
if (!IsPostBack)
{
if (!string.IsNullOrEmpty(Request.QueryString["customerID"]))
{
//This section is skipped even though there's a customer ID?
Session["customerID"] = Request.QueryString["customerID"];
customerInfo();
}
else
{
if (string.IsNullOrEmpty(Session["customerID"].ToString()))
{
//This section is skipped because it's not an empty session, there's a customer ID.
Response.Redirect(url: "default.aspx", endResponse: false);
}
else
{
//This section is hit because there's a customer ID so the string isn't empty but not sure why the first isn't hit?
customerInfo();
}
}
}
虽然 headers 可以被伪造 - 它仍然可以做更多的工作。
而且您可能只是不希望用户登陆某个表示已提供外部 link 的页面。
因此,这将检查没有引用,即使引用相同
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
// first page load.
// user direct type in url - don't want that!
// no referring URL at all
if (Request.UrlReferrer == null)
{
// user typed in URL - no referring URL
Response.Redirect("~/Default.aspx");
}
// user direct typed in this page, or selected from browser drop down/auto complete
// so referring page is SAME as this page - again not from our landing page
if (Request.UrlReferrer.AbsoluteUri.ToString() == Request.Url.AbsoluteUri.ToString())
{
Response.Redirect("~/Default.aspx");
}
}
}
我想通了。拿了 Albert 的部分代码并对我的代码进行了一些更改。
Uri referrer = HttpContext.Current.Request.UrlReferrer;
string urlName = Request.UrlReferrer.ToString(); // grabbing referring page address
if (referrer == null && urlName != "default.aspx")
{
Response.Redirect(url: "default.aspx", endResponse: false);
return;
}
if (!IsPostBack)
{
if(Session["customerID"] == null && urlName != "default.aspx") //If both are false they go to homepage
{
Response.Redirect(url: "default.aspx", endResponse: false);
}
else
{
customerInfo(); //or else they get the customer info on the customer page
}
}
我的站点有 default.aspx 页面,您单击提交并进入 customerinfo.aspx 页面。但是,它们必须来自同一域中的 default.aspx 页面。如果推荐人为空,外部 link,或者他们的客户 ID 不存在,那么它会重定向回 default.aspx 页面,以便他们可以输入他们的信息,否则它会在 customerinfo.aspx 页。试图阻止从外部访问该页面 URL,如果您这样做,它会显示对象引用错误,但只需要重定向到默认页面。
Uri referrer = HttpContext.Current.Request.UrlReferrer;
if (referrer == null || string.IsNullOrEmpty(Request.UrlReferrer.ToString()) && string.IsNullOrEmpty(Session["customerID"].ToString()))
{
//This section is skipped because it's not a null referrer.
Response.Redirect(url: "default.aspx", endResponse: false);
return;
}
if (!IsPostBack)
{
if (!string.IsNullOrEmpty(Request.QueryString["customerID"]))
{
//This section is skipped even though there's a customer ID?
Session["customerID"] = Request.QueryString["customerID"];
customerInfo();
}
else
{
if (string.IsNullOrEmpty(Session["customerID"].ToString()))
{
//This section is skipped because it's not an empty session, there's a customer ID.
Response.Redirect(url: "default.aspx", endResponse: false);
}
else
{
//This section is hit because there's a customer ID so the string isn't empty but not sure why the first isn't hit?
customerInfo();
}
}
}
虽然 headers 可以被伪造 - 它仍然可以做更多的工作。
而且您可能只是不希望用户登陆某个表示已提供外部 link 的页面。
因此,这将检查没有引用,即使引用相同
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
// first page load.
// user direct type in url - don't want that!
// no referring URL at all
if (Request.UrlReferrer == null)
{
// user typed in URL - no referring URL
Response.Redirect("~/Default.aspx");
}
// user direct typed in this page, or selected from browser drop down/auto complete
// so referring page is SAME as this page - again not from our landing page
if (Request.UrlReferrer.AbsoluteUri.ToString() == Request.Url.AbsoluteUri.ToString())
{
Response.Redirect("~/Default.aspx");
}
}
}
我想通了。拿了 Albert 的部分代码并对我的代码进行了一些更改。
Uri referrer = HttpContext.Current.Request.UrlReferrer;
string urlName = Request.UrlReferrer.ToString(); // grabbing referring page address
if (referrer == null && urlName != "default.aspx")
{
Response.Redirect(url: "default.aspx", endResponse: false);
return;
}
if (!IsPostBack)
{
if(Session["customerID"] == null && urlName != "default.aspx") //If both are false they go to homepage
{
Response.Redirect(url: "default.aspx", endResponse: false);
}
else
{
customerInfo(); //or else they get the customer info on the customer page
}
}