【发布时间】:2019-08-22 18:53:45
【问题描述】:
我们的一个 ASP Web 应用程序有一个按钮,它会生成一个指向表单的过期链接。我们注意到任何拥有上述链接的人都可以查看该表格。我正在研究一种在打开链接时检查最终用户是否获得授权的方法。在他们查看链接之前询问他们的用户名/密码。
我的生成链接的子:
Protected Sub ButtonLink_Click(sender As Object, e As EventArgs)
Dim strSQL As String = ""
Dim wapguid As String = ""
Dim cmd As New SqlCommand
wapguid = System.Guid.NewGuid().ToString("N")
strSQL = "INSERT INTO [WapCustomerAccess] (wapid, wapguid, expires, generatedBy) values (@wapid, @wapguid, @expires, @generatedBy)"
cmd.CommandType = CommandType.Text
cmd.CommandText = strSQL
cmd.Parameters.AddWithValue("@wapid", WAPID)
cmd.Parameters.AddWithValue("@1", wapguid)
cmd.Parameters.AddWithValue("@generatedBy", Session.Item("UserFullName"))
cmd.Parameters.AddWithValue("@expires", Date.Now.AddDays(31).ToString)
Dim strConnString As String = System.Configuration.ConfigurationManager.ConnectionStrings("cnnCFHSWAP").ConnectionString
Dim con As New SqlConnection(strConnString)
cmd.Connection = con
Try
con.Open()
cmd.ExecuteNonQuery()
Catch ex As Exception
Response.Write(ex.Message & "<br />")
Finally
con.Close()
con.Dispose()
End Try
Dim t As New TextBox()
t.Text = "http://wap-test.cfhs.local/secure/waplink.aspx?SSL=true&hash=" & WAPID & "&guid=" & wapguid & "&expires=45&suid=05A2FF&salt=x00FF&enc=true"
t.ID = "txtLink"
t.Width = 800
t.ReadOnly = True
t.BackColor = Drawing.Color.SeaShell
PanelLink.Visible = True
PanelLink.Controls.AddAt(0, t)
PanelLink.Controls.Add(New LiteralControl("<br />"))
End Sub
【问题讨论】:
-
当我转到一个页面但需要登录时,我会得到一个这样的 URL:
https://mywebsite.com/log-in.aspx?ReturnUrl=%2fadmin%2f。尝试类似的东西。使用您为该用户创建的查询字符串发送到登录页面。 (?)