我们如何路由像 {calendar}/{controller}/{action}/{id} 这样的东西

发布于 2024-09-26 07:45:04 字数 1097 浏览 1 评论 0原文

作为 MVC 的初学者，我试图找出满足我的需求的完成路线的最佳方式，但我一点运气都没有，所以我请寻求任何帮助

我的网络应用程序由日历驱动，每个日历都有很多操作

订阅
编辑日历
查看获胜者
每日挑战
等...

以及我想避免传递类似

mydomain.com/calendar/2

我的想法的东西，即隐藏ID，这样没有人可以对其他日历进行逻辑访问，例如

mydomain.com/q2tsT

，q2tsT 可以是一个 10 个字符的随机生成的字符串，然后我想要路线，例如：

mydomain.com/q2tsT/subscribe
mydomain.com/q2tsT/daily-challenge
mydomain.com/q2tsT/winners
mydomain.com/q2tsT/prizes

我将如何设置我的路线要像这样执行吗？

类似于：

routes.MapRoute(
    "CalendarRoute",
    "{calendar}/{controller}/{action}/{id}",
    new { 
        calendar = "Empty", 
        controller = "Frontend", 
        action = "Index", 
        id = UrlParameter.Optional }
);

但是我要如何处理日历？我在哪里拿起它，这样我就可以转换为 ID，这样查询数据库会更快，

我在这里有点迷失了:(

原文

As a beginner in MVC I'm trying to figure out what's the best way to accomplish a route for my needs, and I'm getting no luck at all, so I'm kindly ask for any help

My webApp is driven by Calendars, and per each Calendar there are a bunch of actions

Subscribe
Edit Calendar
View Winners
Daily Challenge
etc...

and I would like to avoid passing something like

mydomain.com/calendar/2

my idea would be to hide the ID so no one can have logical access to other calendars, for example

mydomain.com/q2tsT

where q2tsT could be a 10 char random generated string and then I would like to have routes such as:

mydomain.com/q2tsT/subscribe
mydomain.com/q2tsT/daily-challenge
mydomain.com/q2tsT/winners
mydomain.com/q2tsT/prizes

How would I set up my Route to perform like this?

something like:

routes.MapRoute(
    "CalendarRoute",
    "{calendar}/{controller}/{action}/{id}",
    new { 
        calendar = "Empty", 
        controller = "Frontend", 
        action = "Index", 
        id = UrlParameter.Optional }
);

but what will I do with the calendar? where do I pick it up so I can convert to an ID so querying the DB would be faster

I'm kinda lost here :(

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

何止钟意 2024-10-03 07:45:04

首先，即使将日历 ID“隐藏”在字符串后面，仍然无法阻止用户尝试猜测适当的 ID。无论您使用什么解决方案，都需要在操作中内置安全性，以确保只向授权用户显示适当的数据。

要获取日历 - 只需将字符串值传递到您的操作方法中并在那里对其进行解码。

routes.MapRoute(
    "CalendarRoute",
    "{calendar}/{controller}/{action}/{id}",
    new { 
        calendar = "Empty", 
        controller = "Frontend", 
        action = "Index", 
        id = UrlParameter.Optional }
);

public ActionResult Index(string calendar, int? id) {
   // decode the calendar into something useful
...    
}

Firstly, even by 'hiding' the calendar ID behind a string there is still nothing to stop a user from trying to guess an appropriate ID. Whatever solution you use will need to have security built in to the actions to ensure the appropriate data is only shown to authorized users.

To get the calendar - just pass the string value into your action method and decode it there.

routes.MapRoute(
    "CalendarRoute",
    "{calendar}/{controller}/{action}/{id}",
    new { 
        calendar = "Empty", 
        controller = "Frontend", 
        action = "Index", 
        id = UrlParameter.Optional }
);

public ActionResult Index(string calendar, int? id) {
   // decode the calendar into something useful
...    
}

回复收藏 0 原文

~没有更多了~