只能判断相对路径:http://localhost:6666/Account/Login?returnUrl=/User/Index
不能判断绝对路径:http://localhost:6666/Account/Login?returnUrl=http://localhost:6666/User/Index
1.防止开放重定向:
/// <summary> /// 防止开放重定向(来自Mvc中的UrlHelper.IsLocalUrl) /// </summary> /// <param name="url"></param> /// <returns></returns> public static bool IsLocalUrl(string url) { return !string.IsNullOrEmpty(url) && ((url[0] == ‘/‘ && (url.Length == 1 || (url[1] != ‘/‘ && url[1] != ‘\\‘))) || (url.Length > 1 && url[0] == ‘~‘ && url[1] == ‘/‘)); }
2.使用方法:
public void Login(string userName,string password, string returnUrl) { //logic code //validate userName password if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl) ) { return Response.Redirect(returnUrl); } return Response.Redirect("/"); }
原文地址:https://www.cnblogs.com/slwangzi/p/8496508.html
时间: 2024-10-14 19:40:33