C# Request.UrlReferrer 为空?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/149130/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Request.UrlReferrer null?
提问by Mario
In an aspx C#.NET page (I am running framework v3.5), I need to know where the user came from since they cannot view pages without logging in. If I have page A(the page the user wants to view) redirect to page B(the login page), the Request.UrlReferrer object is null.
在 aspx C#.NET 页面(我正在运行框架 v3.5)中,我需要知道用户来自哪里,因为他们无法在不登录的情况下查看页面。如果我有页面A(用户想要查看的页面)重定向到page B(登录页面),Request.UrlReferrer 对象为空。
Background: If a user isn't logged in, I redirect to the Login page (Bin this scenario). After login, I would like to return them to the page they were requesting before they were forced to log in.
背景:如果用户未登录,我将重定向到登录页面(B在这种情况下)。登录后,我想在他们被迫登录之前将他们返回到他们请求的页面。
UPDATE:
A nice quick solution seems to be:
//if user not logged in
Response.Redirect("..MyLoginPage.aspx?returnUrl=" + Request.ServerVariables["SCRIPT_NAME"]);
Then, just look at QueryString on login page you forced them to and put the user where they were after successful login.
更新:
一个不错的快速解决方案似乎是:
//if user not logged in
Response.Redirect("..MyLoginPage.aspx?returnUrl=" + Request.ServerVariables["SCRIPT_NAME"]);
然后,只需查看登录页面上的 QueryString 您强迫他们进入并在成功登录后将用户置于他们所在的位置。
采纳答案by Jon Adams
If you use the standard Membership provider, and set the Authorization for the directory/page, the code will automatically set a query parameter of ReturnUrl and redirect after a successfull login.
如果使用标准的Membership provider,并且设置目录/页面的Authorization,代码会自动设置ReturnUrl的查询参数,登录成功后重定向。
If you don't want to use the Membership provider pattern, I would suggest manually doing the query string parameter thing as well. HTTP referrers are not very reliable.
如果您不想使用成员身份提供程序模式,我建议您也手动执行查询字符串参数操作。HTTP 引荐来源网址不是很可靠。
回答by hangy
The problem could be related on how you redirect the user to some other page. Anyways, the referer url is nothing you should take as absolute rule - a client can fake it easily.
问题可能与您如何将用户重定向到其他页面有关。无论如何,referer url 并不是你应该采取的绝对规则——客户可以很容易地伪造它。
回答by Orion Adrian
What you're looking for is best done with a query string variable (e.g. returnURL or originURL). Referrer is best used for data mining operations as it's very unreliable.
您要查找的内容最好使用查询字符串变量(例如 returnURL 或 originURL)来完成。Referrer 最适合用于数据挖掘操作,因为它非常不可靠。
See the way ASP.Net does redirection with logins for an example.
有关示例,请参阅 ASP.Net 使用登录进行重定向的方式。
回答by Mark Brackett
UrlReferrer is based off the HTTP_REFERERheader that a browser shouldsend. But, as with all things left up to the client, it's variable.
UrlReferrer 基于浏览器应发送的HTTP_REFERER标头。但是,与留给客户的所有事情一样,它是可变的。
I know some "security" suites (like Norton's Internet Security) will strip that header, in the belief that it aids tracking user behavior. Also, I'm sure there's some Firefox extensions to do the same thing.
我知道一些“安全”套件(如 Norton 的 Internet Security)会去除该标头,相信它有助于跟踪用户行为。另外,我确信有一些 Firefox 扩展可以做同样的事情。
Bottom line is that you shouldn't trust it. Just append the url to the GET string and redirect based off that.
底线是你不应该相信它。只需将 url 附加到 GET 字符串并基于此重定向。
UPDATE: As mentioned in the comments, it is probably a good idea to restrict the redirect from the GET parameter to only work for domain-less relative links, refuse directory patterns (../), etc. So still sanity check the redirect; if you follow the standard "don't use any user-supplied input blindly" rule you should be safe.
更新:如评论中所述,将 GET 参数的重定向限制为仅适用于无域相关链接、拒绝目录模式 (../) 等可能是一个好主意。如果您遵循标准的“不要盲目使用任何用户提供的输入”规则,那么您应该是安全的。
