asp.net mvc jsonresult 块外部使用

发布于 2024-12-04 04:19:08 字数 165 浏览 1 评论 0原文

是否可以阻止 json 结果的任何其他使用并仅允许来自我的应用程序的请求? 当我们使用这样的东西时:

Json(q, JsonRequestBehavior.AllowGet)

它允许来自任何地方的所有请求。是否存在任何身份验证来检查请求来自哪里?

Is it possible to block any other use of json result and allow just requests from my application ?
when we use something like this:

Json(q, JsonRequestBehavior.AllowGet)

it allow all requests from anywhere.is there any authentication exist to check where request is from ?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

还在原地等你 2024-12-11 04:19:08

我想你的意思是:

如何只允许 AJAX 请求?

如果是这样,请查看以下博客文章。它描述了创建可重用过滤器:

AjaxOnly 属性< /a>

代码看起来很简单,但我自己没有使用过它:

public class AjaxOnlyAttribute : ActionFilterAttribute  
{  
    public override void OnActionExecuting(ActionExecutingContext filterContext)  
    {  
        if(!filterContext.HttpContext.Request.IsAjaxRequest())  
            filterContext.HttpContext.Response.Redirect("/error/404");  
    }  

    public override void OnActionExecuted(ActionExecutedContext filterContext)  
    {  

    }  
} 

然后您可以将其应用于控制器和操作:

[AjaxOnly]  
public ActionResult AjaxActionMethod()  
{  
    //....  
}

过滤器代码假定某些控制器上存在可以通过以下路由到达的操作:

/error/404

因此,我修改了代码,并生成了一种添加任意错误路由的简单方法(默认值为“/error/404”):

public class AjaxOnlyAttribute : ActionFilterAttribute
{
    public AjaxOnlyAttribute(){}

    public AjaxOnlyAttribute(string ErrorRoute)
    {
        this.ErrorRoute = ErrorRoute;
    }

    string errorRoute = "/Error/404"; // default route
    public string ErrorRoute 
    {
        get { return errorRoute; }
        set { errorRoute = value; }
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (!filterContext.HttpContext.Request.IsAjaxRequest())
            filterContext.HttpContext.Response.Redirect(this.ErrorRoute); //
    }

    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {

    }
}

现在可以按如下方式使用:

[AjaxOnly(ErrorRoute = "/MyArbitraryRoute/MyArbitraryParameter")
public ActionResult AjaxActionMethod()
{
   //....
}

I think you mean:

How to allow only AJAX requests?

If so, view the following blog post. It describes creating a reusable filter:

AjaxOnly attribute

The code seems quite simple, but I haven't used it myself:

public class AjaxOnlyAttribute : ActionFilterAttribute  
{  
    public override void OnActionExecuting(ActionExecutingContext filterContext)  
    {  
        if(!filterContext.HttpContext.Request.IsAjaxRequest())  
            filterContext.HttpContext.Response.Redirect("/error/404");  
    }  

    public override void OnActionExecuted(ActionExecutedContext filterContext)  
    {  

    }  
} 

That you can then apply to controllers and actions:

[AjaxOnly]  
public ActionResult AjaxActionMethod()  
{  
    //....  
}

The filter code presumes the existence of an action on some controller that can be reached by the following route:

/error/404

As a result, I have amended the code, and produced an easy way of adding an arbitrary error route (with a default value of "/error/404"):

public class AjaxOnlyAttribute : ActionFilterAttribute
{
    public AjaxOnlyAttribute(){}

    public AjaxOnlyAttribute(string ErrorRoute)
    {
        this.ErrorRoute = ErrorRoute;
    }

    string errorRoute = "/Error/404"; // default route
    public string ErrorRoute 
    {
        get { return errorRoute; }
        set { errorRoute = value; }
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (!filterContext.HttpContext.Request.IsAjaxRequest())
            filterContext.HttpContext.Response.Redirect(this.ErrorRoute); //
    }

    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {

    }
}

This can now be used as follows:

[AjaxOnly(ErrorRoute = "/MyArbitraryRoute/MyArbitraryParameter")
public ActionResult AjaxActionMethod()
{
   //....
}
宣告ˉ结束 2024-12-11 04:19:08

将 [Authorize] 属性添加到您想要保护的方法或控制器中。您可以指定组成员资格,并且需要登录。

Add the [Authorize] attribute to your methods or controllers that you want to protect. You can specify the group membership and a login will be required.

奶茶白久 2024-12-11 04:19:08

如果您只希望自己的应用程序可以调用某个方法,请将方法声明从 public 更改为 internal。这会将方法的范围限制为来自应用程序内的调用。

If you only want a method to be callable by your own application, change the method declaration from public to internal. This will limit the scope of the method to calls from within your application.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文