HttpReferrer Validation 

public class IsPostedFromThisSiteAttribute : AuthorizeAttribute
{
  public override void OnAuthorize(AuthorizationContext filterContext)
  {
    if (filterContext.HttpContext != null)
    {
      if (filterContext.HttpContext.Request.UrlReferrer == null)
        throw new System.Web.HttpException(“Invalid submission”);
      if (filterContext.HttpContext.Request.UrlReferrer.Host !=“mysite.com”)
        throw new System.Web.HttpException(“This form wasn’t submitted from this site!”);
    }
  }
}
[IsPostedFromThisSite]
public ActionResult Register(…)

 

posted on 2013-02-22 17:06  fishyk  阅读(150)  评论(0编辑  收藏  举报

导航