在asp.net mvc中隐藏url路由参数
有没有一种方法可以专门向用户隐藏 ASP.NET MVC 中的路由参数。具体来说,我想要一个链接
http://sitename.com/Do?title = 2 简单地成为 http://sitename.com/Do
但在内部将 titleId 传递给我的控制器。
这样做可以吗?
谢谢
更新:是的,我的网页上有一些按钮当前具有诸如 href 之类的按钮,但我宁愿隐藏所有参数,以便用户不会通过尝试不同的参数直接转到页面的其他部分。 @Moshe,不,它不是来自提交或发布,否则我会使用强类型视图。谢谢
Is there a method for specifically hiding the routing parameters in ASP.NET MVC from the users. Specifically, I'd like a link
http://sitename.com/Do?title = 2
to simply become
http://sitename.com/Do
but internally pass the titleId to my controller.
Is that do able?
Thanks
Update: yes, there are buttons on my webpage that currently have such as their href, but I'd rather hide all the parameters so users dont go to other parts of the page directly by trying differnt parameters. @Moshe, no its not a from submit or post else I'd have used a strongly typed view. Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
只要您的参数位于客户端,它们就永远不会“隐藏”,除非您对其进行加密。您可以将参数存储在隐藏字段中并将操作方法设置为 post,然后该值在 URL 中不可见。但是对网络有一点了解的用户仍然可以操纵隐藏字段(除非您以某种方式加密该值)。
编辑:如果必须保存,您必须检查服务器上用户的凭据。否则,您可以像其他示例中那样模糊数据,或者可以使用加密,例如使用 ProtectData.Protect(...)。
As long as your parameters are on the client, they are never 'hidden' unless you encrypt them. You could store the parameter in a hidden field and set the action method to post, then the value is not visible in the URL. But a user with a little bit of knowlegde about web could still manipulate the hidden field (unless you encrypt the value in some way).
EDIT: If it has to be save you have to check the user's credentials on the server. Otherwise you can obscure the data like in the other sample or you can use encryption, e.g. with ProtectData.Protect(...).
对于必须来回传递到视图的简单数值,您可以在控制器中编写两个私有方法:
您可以在将值传递到视图之前使用它们来隐藏值,并在发布它们后取消隐藏它们后退。请注意,这确实不是实现安全性的好方法,如
另一种选择是创建一个 Obscure/DeObscure 过程,该过程接受整个查询字符串并以某种方式来回破坏它。但这需要编写一个自定义 ViewEngine。听起来很有趣...
For simple numeric values that have to be passed back and forth to a view you can write two private methods in your controller:
You can use these to obscure values before you pass them to a view, and de-obscure them after you get them posted back. Mind you, this is really not a good way to implement security, as is explained in this stackoverflow post.
Another option is to create an Obscure/DeObscure procedure that takes in the entire querystring and somehow mangles that back and forth. This would required writing a custom ViewEngine though. Sounds interesting...