2

Is there a simple way to check if a request comes from an action inside my app?

I'm building the email confirmation page on a site I'm working on, and I'd like to show different texts on different request origins.

  • If a user comes from another action (eg: the register action) in my app, then I simply want to show a text saying something like: "Thanks for registering on x, please confirm your account with the given link in the email you got from us.."

  • If a user comes outside of my app, then he probabely wants to confirm his or her account, so I'll show another text depending on the success of the confirmation. Or maybe he's/she's a hacker, and wants to insert malcious code in the querystring.

Why I need to do this, you may ask. Well, my client is really enthusiastic about security, and I'd like to check almost every request on the site, so he can sleep in peace :)

4

1 回答 1

6

只需检查UrlReferrer属性,它是请求的属性(它是控制器的属性):

if (Request.UrlReferrer.ToString().StartsWith("The domain"))

您也可以使用它:

if (Request.UrlReferrer.Host == Request.Url.Host)

顺便说一句,由于您关心安全性,请注意请求很容易被编辑并包含虚假数据。根据其数据验证每个请求,不要依赖以前的 url 等。

于 2013-06-09T21:14:08.757 回答