AuthorizeAttribute 属性を使用して、MVC のクロスドメイン攻撃を簡単に回避
--- , 。
,ajax
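using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace Admin.MyAttribute
{
    /// <summary>
    /// Authorization filter that lets a request through only when its Referer header
    /// names the same authority (host, plus port when it is not the default) as the
    /// URL being requested. Every other request is redirected to the site root.
    /// </summary>
    /// <remarks>
    /// Security notes for anyone reusing this filter:
    /// <para>
    /// 1. <see cref="AuthorizeCore"/> is overridden without calling the base implementation,
    /// so the user and role checks of <see cref="AuthorizeAttribute"/> are NOT performed.
    /// This attribute does not require a signed-in user; combine it with a real
    /// authentication check where one is needed.
    /// </para>
    /// <para>
    /// 2. Referer is a request header chosen by the client. Browsers send it for normal
    /// navigation, but privacy settings, Referrer-Policy and proxies can remove it (such
    /// requests are rejected here), and non-browser clients can send any value. Treat this
    /// filter as a hotlinking / cross-site navigation check, not as a CSRF defence on its
    /// own; state-changing actions should also use <c>[ValidateAntiForgeryToken]</c> together
    /// with <c>@Html.AntiForgeryToken()</c> in the form.
    /// </para>
    /// <para>
    /// 3. Only <see cref="Uri.Authority"/> is compared, so the scheme (http vs https) is
    /// not part of the check. NOTE(review): behind a reverse proxy or TLS terminator the
    /// URL seen by the application may differ from the public one; confirm the two
    /// authorities match in the deployed environment.
    /// </para>
    /// </remarks>
    [AttributeUsage(AttributeTargets.All, Inherited = true)]
    public class CheckAuthority : AuthorizeAttribute
    {
        /// <summary>
        /// Decides whether the request may proceed, based only on the Referer header.
        /// </summary>
        /// <param name="httpContext">The context of the current request.</param>
        /// <returns>
        /// <c>true</c> when a Referer is present and its authority equals the authority of
        /// the requested URL; otherwise <c>false</c>, with the response status set to 401.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            Uri referrer;
            try
            {
                referrer = httpContext.Request.UrlReferrer;
            }
            catch (UriFormatException)
            {
                // The header is client-supplied. A value that cannot be parsed is treated
                // like a missing Referer (fail closed) instead of surfacing as a server error.
                referrer = null;
            }

            bool sameAuthority = referrer != null
                && string.Equals(referrer.Authority, httpContext.Request.Url.Authority, StringComparison.Ordinal);

            if (!sameAuthority)
            {
                // HandleUnauthorizedRequest below keys its redirect on this status code,
                // so the two methods must stay in step.
                httpContext.Response.StatusCode = 401;
            }

            return sameAuthority;
        }

        /// <summary>
        /// Runs the default unauthorized handling, then replaces the result with a
        /// redirect to the site root when the response status is 401.
        /// </summary>
        /// <param name="filterContext">The authorization context of the rejected request.</param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);

            if (filterContext.HttpContext.Response.StatusCode == 401)
            {
                // Fixed local path: the target never comes from request data,
                // so this redirect cannot be steered to another site.
                filterContext.Result = new RedirectResult("/");
            }
        }
    }
}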
/// <summary>
/// Renders the default view for this action. The CheckAuthority filter runs first and
/// redirects to "/" any request whose Referer header is missing or names a different
/// authority than the requested URL.
/// </summary>
/// <remarks>
/// CheckAuthority looks at the Referer header only; it does not require a signed-in user.
/// NOTE(review): if this action is what "/" routes to, a request without a same-site
/// Referer (typed URL, bookmark) would be redirected back to itself; confirm the routing.
/// </remarks>
[MyAttribute.CheckAuthority]
public ActionResult Index()
{
    ActionResult page = View();
    return page;
}
転載元:http://blog.csdn.net/try530/article/details/7782730