MVC5 restricts all HTTP requests to POST
This article mainly introduces in detail the method of MVC 5 to restrict all HTTP requests to be POST. It has certain reference value. Interested friends can refer to it.
There is a colleague today , raised such a question, he wanted to restrict all HTTP requests received by MVC to be in POST mode.
Next, in the following content, I will share with you the method I thought of. If you have other methods, please leave a message.
1. HttpPostAttribute feature
The first thing everyone thinks of is that MVC provides the HttpPostAttribute feature, which is used to restrict HTTP requests to be submitted in POST mode.
public class HomeController : Controller
{
[HttpPost]
public ActionResult Index()
{
return View();
}
}This feature can only be marked on the Action method. We need to mark each Action method and make a Coder. We definitely cannot accept this method. .
//
// 摘要:
// 表示一个特性,该特性用于限制操作方法,以便该方法仅处理 HTTP POST 请求。
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class HttpPostAttribute : ActionMethodSelectorAttribute
{
}2. Using HttpModule
In the Asp.Net pipeline, you can use HttpModule to handle events in the HttpApplication object Register your own event handler to control all HTTP requests.
public class HttpMethodModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.PostMapRequestHandler += Context_PostMapRequestHandler;
}
private void Context_PostMapRequestHandler(object sender, EventArgs e)
{
HttpApplication httpApplication = (HttpApplication) sender;
HttpContext httpContext = httpApplication.Context;
//判断当前是否使用的是 MVC 框架来处理请求,其它的请示不做控制。
MvcHandler mvcHandler = httpContext.Handler as MvcHandler;
if (mvcHandler != null && httpContext.IsPostMethod() == false) {
throw new HttpException(404, "访问的资源不存在。");
}
}
public void Dispose()
{
}
}Add relevant configurations in Web.config.
<?xml version="1.0" encoding="utf-8"?> <configuration> <system.webServer> <modules> <add name="HttpMethod" type="HttpPostWebApp.Web.HttpMethodModule, HttpPostWebApp"/> </modules> </system.webServer> </configuration>
After testing, it can meet our requirements (the test results will not be demonstrated).
3. MVC filter
In MVC, requests can be controlled through global filters.
public class HttpPostFilter : IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.IsPostMethod() == false) {
//如果不是POST请求,则返回404。
filterContext.Result = new HttpNotFoundResult();
}
}
}When the program starts, register as a global filter.
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HttpPostFilter());
}
}4. Routing constraints
When registering a route, you can define routing constraints. In the following way, the request method can be limited to POST requests.
public class RouteConfig
{
public static void RegisterRoutes(RouteCollection routes)
{
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
//限制请求方式必须是POST
, constraints:new { httpMethod = new HttpMethodConstraint("POST")}
);
}
}5. Override Controller methods
In MVC, all controllers inherit from Controller by default.
We can define an abstract class of BaseController, override OnActionExecuting, and other controllers inherit from BaseController.
public abstract class BaseController : Controller
{
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.HttpContext.IsPostMethod() == false) {
//如果不是POST请求,则返回404。
filterContext.Result = new HttpNotFoundResult();
}
else {
base.OnActionExecuting(filterContext);
}
}
}This method requires modifying the base classes of all controllers and is not recommended.
Of course, if you have defined your own controller base class, the workload of this method is also very small.
Summary
Among the above five methods, the second, third, and fourth methods are very simple, but I recommend the fourth method, because if the needs change , the maintenance workload is minimal.
If you have other methods, please leave a message, thank you!
The above is the detailed content of MVC5 restricts all HTTP requests to POST. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What does http status code 520 mean?
Oct 13, 2023 pm 03:11 PM
HTTP status code 520 means that the server encountered an unknown error while processing the request and cannot provide more specific information. Used to indicate that an unknown error occurred when the server was processing the request, which may be caused by server configuration problems, network problems, or other unknown reasons. This is usually caused by server configuration issues, network issues, server overload, or coding errors. If you encounter a status code 520 error, it is best to contact the website administrator or technical support team for more information and assistance.
What is http status code 403?
Oct 07, 2023 pm 02:04 PM
HTTP status code 403 means that the server rejected the client's request. The solution to http status code 403 is: 1. Check the authentication credentials. If the server requires authentication, ensure that the correct credentials are provided; 2. Check the IP address restrictions. If the server has restricted the IP address, ensure that the client's IP address is restricted. Whitelisted or not blacklisted; 3. Check the file permission settings. If the 403 status code is related to the permission settings of the file or directory, ensure that the client has sufficient permissions to access these files or directories, etc.
Understand common application scenarios of web page redirection and understand the HTTP 301 status code
Feb 18, 2024 pm 08:41 PM
Understand the meaning of HTTP 301 status code: common application scenarios of web page redirection. With the rapid development of the Internet, people's requirements for web page interaction are becoming higher and higher. In the field of web design, web page redirection is a common and important technology, implemented through the HTTP 301 status code. This article will explore the meaning of HTTP 301 status code and common application scenarios in web page redirection. HTTP301 status code refers to permanent redirect (PermanentRedirect). When the server receives the client's
How to use Nginx Proxy Manager to implement automatic jump from HTTP to HTTPS
Sep 26, 2023 am 11:19 AM
How to use NginxProxyManager to implement automatic jump from HTTP to HTTPS. With the development of the Internet, more and more websites are beginning to use the HTTPS protocol to encrypt data transmission to improve data security and user privacy protection. Since the HTTPS protocol requires the support of an SSL certificate, certain technical support is required when deploying the HTTPS protocol. Nginx is a powerful and commonly used HTTP server and reverse proxy server, and NginxProxy
HTTP 200 OK: Understand the meaning and purpose of a successful response
Dec 26, 2023 am 10:25 AM
HTTP Status Code 200: Explore the Meaning and Purpose of Successful Responses HTTP status codes are numeric codes used to indicate the status of a server's response. Among them, status code 200 indicates that the request has been successfully processed by the server. This article will explore the specific meaning and use of HTTP status code 200. First, let us understand the classification of HTTP status codes. Status codes are divided into five categories, namely 1xx, 2xx, 3xx, 4xx and 5xx. Among them, 2xx indicates a successful response. And 200 is the most common status code in 2xx
Send POST request with form data using http.PostForm function
Jul 25, 2023 pm 10:51 PM
Use the http.PostForm function to send a POST request with form data. In the http package of the Go language, you can use the http.PostForm function to send a POST request with form data. The prototype of the http.PostForm function is as follows: funcPostForm(urlstring,dataurl.Values)(resp*http.Response,errerror)where, u
Quick Application: Practical Development Case Analysis of PHP Asynchronous HTTP Download of Multiple Files
Sep 12, 2023 pm 01:15 PM
Quick Application: Practical Development Case Analysis of PHP Asynchronous HTTP Download of Multiple Files With the development of the Internet, the file download function has become one of the basic needs of many websites and applications. For scenarios where multiple files need to be downloaded at the same time, the traditional synchronous download method is often inefficient and time-consuming. For this reason, using PHP to download multiple files asynchronously over HTTP has become an increasingly common solution. This article will analyze in detail how to use PHP asynchronous HTTP through an actual development case.
Common network communication and security problems and solutions in C#
Oct 09, 2023 pm 09:21 PM
Common network communication and security problems and solutions in C# In today's Internet era, network communication has become an indispensable part of software development. In C#, we usually encounter some network communication problems, such as data transmission security, network connection stability, etc. This article will discuss in detail common network communication and security issues in C# and provide corresponding solutions and code examples. 1. Network communication problems Network connection interruption: During the network communication process, the network connection may be interrupted, which may cause
