MVC5 limit all HTTP must be post-requested

This article mainly for you in detail the MVC 5 limit all HTTP requests must be the method of post, with a certain reference value, interested in small partners can refer to

Today, a colleague raised the question that he wanted to limit the HTTP requests received by all MVC to be post.

Next in the content below, will I think of the way to share to everyone, if you have other ways, please leave a message.

First, Httppostattribute characteristics

First of all, when you think of it, MVC provides the Httppostattribute feature, which is used to restrict HTTP requests that must be post-submitted.

public class Homecontroller:controller {  [httppost] public ActionResult Index () {  return View ();}}

This feature can only be marked on the action method, we need to mark each action method, do a coder, this way, we certainly can not receive.

Summary://Represents an attribute that is used to restrict the action method so that the method only processes HTTP POST requests. [AttributeUsage (AttributeTargets.Method, AllowMultiple = False, inherited = true)] public sealed class Httppostattribute : Actionmethodselectorattribute {}

Second, the use of HttpModule

In an ASP. NET pipeline, you can control all HTTP requests by registering your own event handlers for the events in the HttpApplication object by HttpModule.

public class Httpmethodmodule:ihttpmodule {public void Init (HttpApplication context) {  context. Postmaprequesthandler + = Context_postmaprequesthandler; private void Context_postmaprequesthandler (object sender, EventArgs e) {  HttpApplication HttpApplication = ( HttpApplication) sender;  HttpContext httpcontext = Httpapplication.context;  Determine whether the MVC framework is currently being used to handle requests, and other instructions do not control them.  Mvchandler Mvchandler = Httpcontext.handler as Mvchandler;  if (Mvchandler! = null && httpcontext.ispostmethod () = = False) {  throw new HttpException (404, "The resource accessed does not exist. ");  } } public void Dispose () {}}

Add the related configuration in Web. config.

<?xml version= "1.0" encoding= "Utf-8"?><configuration> <system.webServer> <modules> <add Name= "HttpMethod" type= "HttpPostWebApp.Web.HttpMethodModule, Httppostwebapp"/> </modules> </ System.webserver></configuration>

After testing, it is possible to meet our requirements (the test results are not done in the demo).

Third, MVC filter

In MVC, the request can be controlled by a global filter.

public class Httppostfilter:iauthorizationfilter {public void onauthorization (AuthorizationContext filtercontext) { C1/>if (FilterContext.HttpContext.IsPostMethod () = = False) {  //If it is not a POST request, 404 is returned.  Filtercontext.result = new Httpnotfoundresult ();  } } }

When the program starts, it is registered as a global filter.

public class Filterconfig {public static void Registerglobalfilters (Globalfiltercollection filters) {  filters. ADD (New Httppostfilter ()); } }

IV. Routing constraints

When you register a route, you can define a constraint for the route. You can limit the request mode to a POST request in the following ways.

public class Routeconfig {public static void RegisterRoutes (RouteCollection routes) {  routes. MapRoute (  name: "Default",  URL: "{controller}/{action}/{id}",  defaults:new {controller = "Home", action = "Index", id = urlparameter.optional}  //Limit request method must be post  , constraints:new {httpmethod = new Httpmethodconstraint ( "POST")}  ); } }

V. Rewriting the Controller method

In MVC, all controllers inherit from the controller by default.

We can define an abstract class of Basecontroller, rewrite the onactionexecuting, and all other controllers inherit from Basecontroller.

Public abstract class Basecontroller:controller {protected override void OnActionExecuting (ActionExecutingContext filt Ercontext) {if    (filterContext.HttpContext.IsPostMethod () = = False) {  ///If not a POST request, 404 is returned.  Filtercontext.result = new Httpnotfoundresult ();  }  else {  base. OnActionExecuting (Filtercontext);  } } }

This method requires modifying the base class of all controllers, not recommended.

Of course, if you have defined your own controller base class, this is a very small amount of work.

Summarize

Of the above five methods, the two, three or four methods are very simple, but I recommend method four, because if the requirements change, the maintenance workload is minimal.

If you have other ways, please leave a message, thank you!