ASP.net mvc远程验证,安全吗?如何确保安全?
ASP.net mvc远程验证,安全吗?如何确保安全?
提问于 2011-11-19 05:02:55
我最近遇到了asp.net mvc中的远程验证。真的很有用的功能,但不是像这样添加到注册表单,例如检查用户名或电子邮件,打开一个安全漏洞?难道不能有人用它来挖掘网站上的信息吗?Captca显然是这个问题的解决方案,但是有人能够将它与远程验证集成在一起吗?
public class CreateUserModel : EditUserModel {
[Required]
[StringLength(6, MinimumLength = 3)]
[Remote("IsUID_Available", "Validation")]
[RegularExpression(@"(\S)+", ErrorMessage = "White space is not allowed.")]
[Editable(true)]
public override string UserName { get; set; }
} 回答 1
Stack Overflow用户
回答已采纳
发布于 2011-11-19 19:15:14
如果你想的话你可以用验证码。例如,使用谷歌的ReCaptcha,您可以安装microsoft-web-helpers NuGet,注册ReCaptcha account以获得私钥/公钥对,然后简单地修改视图模型,以便在执行远程调用时包含两个附加字段:
public class CreateUserModel : EditUserModel
{
[Required]
[StringLength(6, MinimumLength = 3)]
[Remote("IsUID_Available", "Validation", AdditionalFields = "recaptcha_response_field,recaptcha_challenge_field", HttpMethod = "POST")]
[RegularExpression(@"(\S)+", ErrorMessage = "White space is not allowed.")]
[Editable(true)]
public override string UserName { get; set; }
}在视图中:
@using Microsoft.Web.Helpers
@model CreateUserModel
@{
ReCaptcha.PublicKey = "... public key obtained from Google ...";
}
<script src="@Url.Content("~/Scripts/jquery.validate.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.js")" type="text/javascript"></script>
@using (Html.BeginForm())
{
@Html.EditorFor(x => x.UserName)
@Html.ValidationMessageFor(x => x.UserName)
@ReCaptcha.GetHtml(theme: "red")
<button type="submit">OK</button>
}在控制器中:
[HttpPost]
public ActionResult IsUID_Available(string username)
{
if (!ReCaptcha.Validate(privateKey: "... private key obtained from Google ..."))
{
return Json("sorry, please enter a correct Captcha first");
}
// TODO: the user entered a correct Captcha => you can proceed
// into usrname existence verification:
bool userExists = _repository.UserExists(username);
return Json(userExists);
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/8189102
复制相关文章
相似问题
腾讯云开发者
