如何防止用户通过搜索栏访问路线?
我正在开发这个 Dotnet 核心 MVC/Razor Pages 应用程序,它应该阻止用户通过搜索栏访问某些控制器路由,除非他们在注册表单中指定它。我如何实现这一目标?dotnet core MVC 有这个关键字吗?我卡住了。显示注册的身份/帐户/注册的一些相关代码如下
[Required]
[Display(Name = "Choose businesslisting or choice")]
public string Decision { get; set; }
}
public void OnGet(string returnUrl = null)
{
ReturnUrl = returnUrl;
}
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
var user = new IdentityUser { UserName = Input.Email, Email = Input.Email };
var result = await _userManager.CreateAsync(user, Input.Password);
if (Input.Decision == "Business Listing" || Input.Decision == "business listing")
{
if (result.Succeeded)
{
_logger.LogInformation("User created a new account with password.");
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Page(
"/Account/ConfirmEmail",
pageHandler: null,
values: new { userId = user.Id, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Change your password",
$"Please change your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
await _signInManager.SignInAsync(user, isPersistent: false);
return LocalRedirect(returnUrl);
}
}
德玛西亚991回答
-
侃侃尔雅
我将从 ASP.NET Core 授权文档开始https://learn.microsoft.com/en-us/aspnet/core/security/authorization/introduction?view=aspnetcore-2.2您可能会发现基于声明的身份验证在这种情况下很有用https://learn.microsoft.com/en-us/aspnet/core/security/authorization/claims?view=aspnetcore-2.2创建用户后,您可以添加允许他们访问特定控制器/url 的特定声明。
随时随地看视频慕课网APP
相关分类
C#