开发者

Asp.net denying direct access to a webpage

开发者 https://www.devze.com 2022-12-22 11:19 出处:网络
I have a webpage errors.aspx that needs to be protected from direct access. I want it to 开发者_如何学Gobe accessed only when redirected to by another web page.

I have a webpage errors.aspx that needs to be protected from direct access.

I want it to 开发者_如何学Gobe accessed only when redirected to by another web page.

How can I do it?


If you are using a Server.Transfer to redirect to the new page, then you can pass a variable in Context collection and check for that in the new page.

Page 1

Context.Items.Add("somevar","someval");

Page 2

if ( Context.Items["somevar"] == null )
{
    // the page is not redirected from Page 1
}


keep some Boolean value in session and throw an exception from the error page if the value is not set. set the value in the previous page before redirection and that's it


You could add redirectMode="ResponseRewrite" to the customErrors tag in web.config. This makes the error redirection like a Server.Transfer instead of a Response.Redirect. So, if they are at SomePage.aspx and an error occurs instead of the URL changing to MyErrorPage.aspx it would stay as SomePage.aspx but would render the HTML from MyErrorPage.aspx. On your MyErrorPage.aspx code behind, you could check the Request.Path and if it is MyErrorPage.aspx that means that someone is trying to directly access the error page. In this case you could do a Response.End or whatever else you might want to do at this point to prevent direct access of this page.


Insert Flowing into WebConfig

<system.web>
  <httpHandlers>
    <remove verb="*" path="*.aspx" />
    <add path="*.aspx" verb="*" type="System.Web.HttpNotFoundHandler" />
  </httpHandlers>
</system.web>

<system.webServer>
  <validation validateIntegratedModeConfiguration="false" />
  <handlers>
    <add name="BlockViewHandler" path="*.aspx" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
  </handlers>
</system.webServer>
0

精彩评论

暂无评论...
验证码 换一张
取 消