我正在用成员身份实现ASP MVC。该网站托管在Azure云中。
防止的防御措施有哪些
- Sql注入暴力攻击
- 如何根据尝试阻止/锁定用户访问IP
我有第一个问题的答案。您必须在"会话[数据]"中存储一些有用的数据,而不是从客户端发送。
public ActionResult Index()
{
try
{
if (WebSecurity.IsAuthenticated)
{
String ContractID_string = Session["ContractID"].ToString();
if(ContractID_string!="0")
另外,不要在linq或sqlQuery中未经检查就使用来自客户端的一些字符串输入值。
使用的最佳方式
受控
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult _SaveMail(Email_Options Mail)
在视图
@using (Ajax.BeginForm("_SaveMail", "Contract", Model,
new AjaxOptions
{
UpdateTargetId = "Email_Options",
OnFailure = "alert('errr')",
OnSuccess = "DeleteErrorMessage('#Form_"+ViewBag.Contract_part+"')"
}, htmlAttributes: new { id = "Form_"+ViewBag.Contract_part}))
{
@Html.AntiForgeryToken()
@Html.ValidationSummary()
<table id="Email_Options">
<tbody>
<tr>
<th>@Html.LabelFor(m => Model.Email, new { style = "font-size:1.05em;" })</th>
<th>
@Html.HiddenFor(m => Model.ContractID)
@Html.EditorFor(m => Model.Email)
@Html.ValidationMessageFor(m => Model.Email)
<button style="font-size:1em; margin:0px; padding:0;" type="submit">Сохранить</button>
</th>
</tr>
<tr>
<th>@Html.LabelFor(m => Model.SendToEmail, new { @class = "checkbox" })</th>
<th>@Html.CheckBoxFor(m => Model.SendToEmail)</th>
</tr>
<tr>
<th>@Html.LabelFor(m => Model.SentToHome, new { @class = "checkbox" })</th>
<th>@Html.CheckBoxFor(m => Model.SentToHome)</th>
</tr>
<tr>
<th>@Html.LabelFor(m => Model.Print, new { @class = "checkbox" })</th>
<th>@Html.CheckBoxFor(m => Model.Print)</th>
</tr>
</tbody>
</table>
}