How to restrict all HTTP requests to POST?-C#.Net Tutorial-php.cn

Home

Backend Development

C#.Net Tutorial

How to restrict all HTTP requests to POST?

零下一度

Jun 19, 2017 am 10:09 AM

httphowlimit

This article mainly introduces in detail the method of MVC 5 to restrict all HTTP requests to be POST. It has certain reference value. Interested friends can refer to it.

There is a colleague today , raised such a question, he wanted to restrict all HTTP requests received by MVC to be in POST mode.

Next, in the following content, I will share with you the method I thought of. If you have other methods, please leave a message.

1. HttpPostAttribute feature

The first thing everyone thinks of is that MVC provides the HttpPostAttribute feature, which is used to restrict HTTP requests to be submitted in POST mode.

public class HomeController : Controller
 { 
 [HttpPost]
 public ActionResult Index()
 {
  return View();
 }
 }

This feature can only be marked on the Action method. We need to mark each Action method and make a Coder. We definitely cannot accept this method. .

//
 // 摘要:
 // 表示一个特性，该特性用于限制操作方法，以便该方法仅处理 HTTP POST 请求。
 [AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
 public sealed class HttpPostAttribute : ActionMethodSelectorAttribute
 {

 }

2. Using HttpModule

In the Asp.Net pipeline, you can use HttpModule to handle events in the HttpApplication object Register your own Event handler program to control all HTTP requests.

public class HttpMethodModule : IHttpModule
 {
 public void Init(HttpApplication context)
 {
  context.PostMapRequestHandler += Context_PostMapRequestHandler;
 }

 private void Context_PostMapRequestHandler(object sender, EventArgs e)
 {
  HttpApplication httpApplication = (HttpApplication) sender;
  HttpContext httpContext = httpApplication.Context;


  //判断当前是否使用的是 MVC 框架来处理请求，其它的请示不做控制。
  MvcHandler mvcHandler = httpContext.Handler as MvcHandler;

  if (mvcHandler != null && httpContext.IsPostMethod() == false) {
  throw new HttpException(404, "访问的资源不存在。");
  }
 }

 public void Dispose()
 {

 }
 }

Add relevant configurations in Web.config.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <system.webServer>
 <modules>
 <add name="HttpMethod" type="HttpPostWebApp.Web.HttpMethodModule, HttpPostWebApp"/>
 </modules>
 </system.webServer>
</configuration>

After testing, it can meet our requirements (the test results will not be demonstrated).

3. MVC Filter

In MVC, requests can be controlled through global filters.

public class HttpPostFilter : IAuthorizationFilter
 {
 public void OnAuthorization(AuthorizationContext filterContext)
 {
  if (filterContext.HttpContext.IsPostMethod() == false) {

  //如果不是POST请求，则返回404。
  filterContext.Result = new HttpNotFoundResult();
  }
 }
 }

When the program starts, register as a global filter.

public class FilterConfig
 {
 public static void RegisterGlobalFilters(GlobalFilterCollection filters)
 {
  filters.Add(new HttpPostFilter());
 }
 }

4. Routing constraints

When registering a route, you candefine the route constraint. In the following way, the request method can be limited to POST requests.

public class RouteConfig
 {
 public static void RegisterRoutes(RouteCollection routes)
 {
  routes.MapRoute(
  name: "Default",
  url: "{controller}/{action}/{id}",
  defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
  //限制请求方式必须是POST
  , constraints:new { httpMethod = new HttpMethodConstraint("POST")}
  );
 }
 }

5. Override Controller methods

In MVC, all controllers inherit from Controller by default.

We can define an abstract class of BaseController, override OnActionExecuting, and other controllers inherit from BaseController.

public abstract class BaseController : Controller
 {
 protected override void OnActionExecuting(ActionExecutingContext filterContext)
 {
  
  if (filterContext.HttpContext.IsPostMethod() == false) {
  //如果不是POST请求，则返回404。
  filterContext.Result = new HttpNotFoundResult();
  }
  else {
  base.OnActionExecuting(filterContext);
  }
 }
 }

This method requires modifying the base classes of all controllers and is not recommended.

Of course, if you have already defined your own controller base class, the workload of this method is also very small.

Summary

Among the above five methods, the second, third, and fourth methods are very simple, but I recommend the fourth method, because if the needs change , the maintenance workload is minimal.

If you have other methods, please leave a message, thank you!

Demo download:mvchttppostwebapp

The above is the detailed content of How to restrict all HTTP requests to POST?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Springboot怎么使用内置tomcat禁止不安全HTTPMay 12, 2023 am 11:49 AM

Springboot内置tomcat禁止不安全HTTP方法1、在tomcat的web.xml中可以配置如下内容让tomcat禁止不安全的HTTP方法/*PUTDELETEHEADOPTIONSTRACEBASIC2、Springboot使用内置tomcat没有web.xml配置文件，可以通过以下配置进行，简单来说就是要注入到Spring容器中@ConfigurationpublicclassTomcatConfig{@BeanpublicEmbeddedServletContainerFacto

JAVA发送HTTP请求的方式有哪些Apr 15, 2023 am 09:04 AM

1.HttpURLConnection使用JDK原生提供的net，无需其他jar包，代码如下：importcom.alibaba.fastjson.JSON;importjava.io.BufferedReader;importjava.io.InputStream;importjava.io.InputStreamReader;importjava.io.OutputStream;importjava.net.HttpURLConnection;

nginx中如何升级到支持HTTP2.0May 24, 2023 pm 10:58 PM

一、前言#ssl写在443端口后面。这样http和https的链接都可以用listen443sslhttp2default_server;server_namechat.chengxinsong.cn;#hsts的合理使用，max-age表明hsts在浏览器中的缓存时间，includesubdomainscam参数指定应该在所有子域上启用hsts，preload参数表示预加载，通过strict-transport-security:max-age=0将缓存设置为0可以撤销hstsadd_head

Nginx的HTTP2协议优化与安全设置Jun 10, 2023 am 10:24 AM

随着互联网的不断发展和改善，Web服务器在速度和性能上的需求也越来越高。为了满足这样的需求，Nginx已经成功地掌握了HTTP2协议并将其融入其服务器的性能中。HTTP2协议要比早期的HTTP协议更加高效，但同时也存在着特定的安全问题。本文将为您详细介绍如何进行Nginx的HTTP2协议优化和安全设置。一、Nginx的HTTP2协议优化1.启用HTTP2在N

Nginx中HTTP的keepalive怎么配置May 12, 2023 am 11:28 AM

httpkeepalive在http早期，每个http请求都要求打开一个tpcsocket连接，并且使用一次之后就断开这个tcp连接。使用keep-alive可以改善这种状态，即在一次tcp连接中可以持续发送多份数据而不会断开连接。通过使用keep-alive机制，可以减少tcp连接建立次数，也意味着可以减少time_wait状态连接，以此提高性能和提高httpd服务器的吞吐率(更少的tcp连接意味着更少的系统内核调用,socket的accept()和close()调用)。但是，keep-ali

Python的HTTP客户端模块urllib与urllib3怎么使用May 20, 2023 pm 07:58 PM

一、urllib概述：urllib是Python中请求url连接的官方标准库，就是你安装了python，这个库就已经可以直接使用了，基本上涵盖了基础的网络请求功能。在Python2中主要为urllib和urllib2，在Python3中整合成了urllib。Python3.x中将urllib2合并到了urllib，之后此包分成了以下四个模块：urllib.request：它是最基本的http请求模块，用来模拟发送请求urllib.error：异常处理模块，如果出现错误可以捕获这些异常urllib

Nginx http运行状况健康检查如何配置May 14, 2023 pm 06:10 PM

被动检查对于被动健康检查，nginx和nginxplus会在事件发生时对其进行监控，并尝试恢复失败的连接。如果仍然无法恢复正常，nginx开源版和nginxplus会将服务器标记为不可用，并暂时停止向其发送请求，直到它再次标记为活动状态。上游服务器标记为不可用的条件是为每个上游服务器定义的，其中包含块中server指令的参数upstream：fail_timeout-设置服务器标记为不可用时必须进行多次失败尝试的时间，以及服务器标记为不可用的时间（默认为10秒）。max_fails-设置在fai

怎么利用Java实现调用http请求Jun 02, 2023 pm 04:57 PM

一、概述在实际开发过程中，我们经常需要调用对方提供的接口或测试自己写的接口是否合适。很多项目都会封装规定好本身项目的接口规范，所以大多数需要去调用对方提供的接口或第三方接口（短信、天气等）。在Java项目中调用第三方接口的方式有：1、通过JDK网络类Java.net.HttpURLConnection；2、通过common封装好的HttpClient；3、通过Apache封装好的CloseableHttpClient；4、通过SpringBoot-RestTemplate；二、Java调用第三方

See all articles