如果直接请求,我是否可以阻止提供某些 PartialViews?
我正在开发一个网站,该网站具有渲染部分视图的操作的路由。许多局部视图都是组件,它们共同构成了一个完整的页面。
例如,我正在处理的搜索页面有一个文本框、选项卡列表和一个表格。
其中每个都可以通过类似于以下的 URL 进行访问
/Search/SearchPanel
/Search/Tabs/{SearchTerm}
/Search/ResultsTable/SearchTerm?tab=[currently selected tab]
,并且这些都通过我的索引页面上的 RenderPartial 进行呈现。
当页面加载时,它将按照我想要的方式显示每个组件。但目前没有什么可以阻止用户直接访问 url
/Search/Tabs
以仅呈现选项卡控件,该选项卡控件在页面上其余元素的上下文之外毫无意义。
我有办法阻止这种情况吗?
I'm working on a site that has routes to actions which render Partial Views. A lot of these partial views are components which together make up a complete page.
For instance on a search page I'm working on has a text box, a list of tabs, and a Table.
Seach of these can be accessed with a URL similar to
/Search/SearchPanel
/Search/Tabs/{SearchTerm}
/Search/ResultsTable/SearchTerm?tab=[currently selected tab]
and these are all rendered on with a RenderPartial on my Index page.
When the page loads, it will display each of these components the way I want it. But at the moment there's nothing stopping a user from going directly to the url
/Search/Tabs
to render only a tab control which is meaningless outside the context of the rest of the elements on the page.
Is there a way for me to prevent this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您是否尝试过将您的控制器方法标记为
私有?这应该允许您从代码中调用它来构建您的页面并禁止任何公共访问(例如通过 URl)。
我现在正在测试这个,以确保我的答案是正确的,所以我会在测试时更新。
在选项卡示例中,您可以通过使用私有选项卡的第二个控制器方法来简单地限制访问。
所以你会得到看起来像这样的东西:
和
Have you tried marking your Controller method as
private?This should allow you to call it from within your code to build up your pages and disallow any public access such as through a URl.
I'm testing this now to make doubly sure my answer is correct so I'll update as I test.
In your tabs example you could simply restrict access by using a second controller method for Tabs that's private.
So you'd have something that looks like:
and
您可以创建一个 ActionFilter 来检查 Request.IsAjaxRequest() 是否为 true。如果不是(意味着用户直接调用视图),则相应地重新定向。
You could create an ActionFilter which checks if the Request.IsAjaxRequest() is true. If it's not (meaning the user is calling the view directly), re-direct accordingly.