问题
Consider that a request is sent to this path:
http://domain/users/1534
This URL is in public security, so everyone can see it without being authenticated in the site (without being logged in).
Now consider that another URL should be secure:
http://domain/admin/update-user
This URL should pass the authentication process.
Now, In my code, somewhere I need to know if the current path is a secure path or not (please don't ask why, and also by secure path I don't mean SSL, I'm just talking about paths for which login is required).
How can I know that HttpContext.Request.Url.AbsolutePath is a secure path?
Update: What I need is something like:
SecurityHelper.ShouldCurrentRequestPathBeAuthenticated(Request.Url.AbsolutePath)
回答1:
It depends on how you implement the authorization process. Somewhere you will need to define it, so that's how you know if it's secure path.
Standard ASP.NET would use the location/security settings in this case.
If your using standard authentication/authorization then I believe you can use CheckUrlAccessForPrincipal.
UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, verb);
来源:https://stackoverflow.com/questions/7316584/how-to-know-if-the-current-path-is-a-secure-path-or-not-in-asp-net