如果直接请求,我是否可以阻止提供某些 PartialViews?

发布于 2024-09-11 02:10:39 字数 470 浏览 4 评论 0原文

我正在开发一个网站,该网站具有渲染部分视图的操作的路由。许多局部视图都是组件,它们共同构成了一个完整的页面。

例如,我正在处理的搜索页面有一个文本框、选项卡列表和一个表格。

其中每个都可以通过类似于以下的 URL 进行访问

/Search/SearchPanel
/Search/Tabs/{SearchTerm}
/Search/ResultsTable/SearchTerm?tab=[currently selected tab]

,并且这些都通过我的索引页面上的 RenderPartial 进行呈现。

当页面加载时,它将按照我想要的方式显示每个组件。但目前没有什么可以阻止用户直接访问 url

/Search/Tabs

以仅呈现选项卡控件,该选项卡控件在页面上其余元素的上下文之外毫无意义。

我有办法阻止这种情况吗?

I'm working on a site that has routes to actions which render Partial Views. A lot of these partial views are components which together make up a complete page.

For instance on a search page I'm working on has a text box, a list of tabs, and a Table.

Seach of these can be accessed with a URL similar to

/Search/SearchPanel
/Search/Tabs/{SearchTerm}
/Search/ResultsTable/SearchTerm?tab=[currently selected tab]

and these are all rendered on with a RenderPartial on my Index page.

When the page loads, it will display each of these components the way I want it. But at the moment there's nothing stopping a user from going directly to the url

/Search/Tabs

to render only a tab control which is meaningless outside the context of the rest of the elements on the page.

Is there a way for me to prevent this?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

撧情箌佬 2024-09-18 02:10:39

您是否尝试过将您的控制器方法标记为私有

private PartialViewResult MyPartialResultMethod()

这应该允许您从代码中调用它来构建您的页面并禁止任何公共访问(例如通过 URl)。

我现在正在测试这个,以确保我的答案是正确的,所以我会在测试时更新。

在选项卡示例中,您可以通过使用私有选项卡的第二个控制器方法来简单地限制访问。

所以你会得到看起来像这样的东西:

public ActionResult Tabs(string searchTerm) // When a search term is passed.

private ActionResult Tabs() // When no search term is passed.

Have you tried marking your Controller method as private?

private PartialViewResult MyPartialResultMethod()

This should allow you to call it from within your code to build up your pages and disallow any public access such as through a URl.

I'm testing this now to make doubly sure my answer is correct so I'll update as I test.

In your tabs example you could simply restrict access by using a second controller method for Tabs that's private.

So you'd have something that looks like:

public ActionResult Tabs(string searchTerm) // When a search term is passed.

and

private ActionResult Tabs() // When no search term is passed.
空城仅有旧梦在 2024-09-18 02:10:39

您可以创建一个 ActionFilter 来检查 Request.IsAjaxRequest() 是否为 true。如果不是(意味着用户直接调用视图),则相应地重新定向。

You could create an ActionFilter which checks if the Request.IsAjaxRequest() is true. If it's not (meaning the user is calling the view directly), re-direct accordingly.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文