Shulou(Shulou.com)06/03 Report--

I would like to share with you how MVC5 restricts all HTTP requests by POST. I believe most people don't know much about it, so share this article for your reference. I hope you will learn a lot after reading this article. Let's learn about it together.

I. HttpPostAttribute characteristics

When you first think of it, MVC provides the HttpPostAttribute feature, which is used to restrict that HTTP requests must be submitted in POST mode.

Public class HomeController: Controller {[HttpPost] public ActionResult Index () {return View ();}}

This feature can only be marked on the Action method, we need to mark on each Action method, do a Coder, this way, we certainly can not receive.

/ Summary: / / indicates a feature that restricts the operation method so that it only handles HTTP POST requests. [AttributeUsage (AttributeTargets.Method, AllowMultiple = false, Inherited = true)] public sealed class HttpPostAttribute: ActionMethodSelectorAttribute {}

Second, use HttpModule

In the Asp.Net pipeline, you can control all HTTP requests by registering your own event handlers for events in the HttpApplication object through HttpModule.

Public class HttpMethodModule: IHttpModule {public void Init (HttpApplication context) {context.PostMapRequestHandler + = Context_PostMapRequestHandler;} private void Context_PostMapRequestHandler (object sender, EventArgs e) {HttpApplication httpApplication = (HttpApplication) sender; HttpContext httpContext = httpApplication.Context; / / determine whether the MVC framework is currently used to process requests, and other requests are not controlled. MvcHandler mvcHandler = httpContext.Handler as MvcHandler; if (mvcHandler! = null & & httpContext.IsPostMethod () = = false) {throw new HttpException (404, "the accessed resource does not exist.") ;}} public void Dispose () {}}

Add relevant configurations to Web.config.

After testing, it can meet our requirements (the test results are not being demonstrated).

3. MVC filter

In MVC, requests can be controlled through global filters.

Public class HttpPostFilter: IAuthorizationFilter {public void OnAuthorization (AuthorizationContext filterContext) {if (filterContext.HttpContext.IsPostMethod () = = false) {/ / if it is not a POST request, 404 is returned. FilterContext.Result = new HttpNotFoundResult ();}

Register as a global filter when the program starts.

Public class FilterConfig {public static void RegisterGlobalFilters (GlobalFilterCollection filters) {filters.Add (new HttpPostFilter ());}}

IV. Routing constraints

When you register a route, you can define constraints for the route. You can limit the request method to POST requests in the following ways.

Public class RouteConfig {public static void RegisterRoutes (RouteCollection routes) {routes.MapRoute (name: "Default", url: "{controller} / {action} / {id}", defaults: new {controller = "Home", action = "Index", id = UrlParameter.Optional} / / restrict request method must be POST, constraints:new {httpMethod = new HttpMethodConstraint ("POST")});}}

5. Rewrite the Controller method

In MVC, all controllers inherit from Controller by default.

We can define an abstract class of BaseController, rewrite OnActionExecuting, and other controllers inherit from BaseController.

Public abstract class BaseController: Controller {protected override void OnActionExecuting (ActionExecutingContext filterContext) {if (filterContext.HttpContext.IsPostMethod () = = false) {/ / if it is not a POST request, 404 is returned. FilterContext.Result = new HttpNotFoundResult ();} else {base.OnActionExecuting (filterContext);}

This method needs to modify the base class of all controllers and is not recommended.

Of course, if you have defined your own controller base class, the workload in this way is also very small.

The above is all the content of the article "how MVC5 restricts all HTTP requests that must be made in POST". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.