跨站请求伪造(CSRF)攻击---发起请求的页面与目标页面通常不在同一个域下,所以可以把请求的 Referer 域与当前站点的域做比较,作为一道辅助防线。需要注意:Referer 头由客户端提供,非浏览器客户端可以随意伪造;浏览器在隐私设置、Referrer-Policy、由 HTTPS 跳到 HTTP 等情况下也可能根本不发送该头(下面的代码会把这类请求一律拒绝)。因此这种检查只能作为纵深防御中的一层,表单提交等敏感操作仍应使用防伪令牌([ValidateAntiForgeryToken] 配合 Html.AntiForgeryToken())。
可以应用于表单提交、ajax 调用,或者某些不希望用户直接在地址栏输入网址就能打开的页面;但对后一种用途它只是"防误入",并不是访问控制——任何能自定义请求头的客户端都可以绕过它。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Mvc;

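namespace Admin.MyAttribute
{
    /// <summary>
    /// Authorization filter that rejects a request unless its HTTP Referer has the
    /// same authority (host[:port]) as the URL being requested; rejected requests
    /// are redirected to "/".
    /// </summary>
    /// <remarks>
    /// This is a same-origin Referer check, i.e. a weak, best-effort CSRF mitigation,
    /// not real access control: the header is chosen by the client (trivially forged
    /// outside a browser), and browsers omit it under privacy settings, a strict
    /// Referrer-Policy or an HTTPS-to-HTTP navigation, so such legitimate requests are
    /// rejected as well. Use it in addition to anti-forgery tokens
    /// ([ValidateAntiForgeryToken] with Html.AntiForgeryToken()), never instead of them.
    /// Only the authority is compared, not the scheme, so an http Referer is accepted
    /// on an https page.
    /// NOTE(review): behind a reverse proxy Request.Url may carry the internal host
    /// name, in which case every request fails the comparison -- verify the deployment.
    /// </remarks>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true)]
    public class CheckAuthority : AuthorizeAttribute
    {
        /// <summary>
        /// Status code stamped on the response when the check fails. The listing this
        /// was taken from lost the literal; 403 Forbidden is used because the request
        /// is understood but refused (401 would imply that authenticating could help).
        /// </summary>
        public const int RejectedStatusCode = (int)HttpStatusCode.Forbidden;

        /// <summary>
        /// Performs the Referer check.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns>
        /// true when a Referer is present, parses as a URI and has the same authority as
        /// the requested URL; otherwise false, after setting <see cref="RejectedStatusCode"/>
        /// on the response so that <see cref="HandleUnauthorizedRequest"/> can recognise
        /// this failure.
        /// </returns>
        /// <exception cref="ArgumentNullException">httpContext is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            Uri requested = httpContext.Request.Url;
            string refererHeader = httpContext.Request.Headers["Referer"];
            Uri referer = null;

            // Parse the raw header ourselves. Request.UrlReferrer resolves the header
            // against the current URL too, but it throws an HttpException on a malformed
            // value, which would turn a bad request into an unhandled 500 instead of a
            // rejection. TryCreate(base, relative) accepts an absolute Referer unchanged.
            if (requested == null
                || string.IsNullOrEmpty(refererHeader)
                || !Uri.TryCreate(requested, refererHeader, out referer))
            {
                return Reject(httpContext);
            }

            // Authority is host plus any non-default port, so a different port counts
            // as a different origin. Uri lower-cases the host, but compare
            // case-insensitively anyway so the check cannot depend on that detail.
            if (!string.Equals(referer.Authority, requested.Authority, StringComparison.OrdinalIgnoreCase))
            {
                return Reject(httpContext);
            }

            return true;
        }

        /// <summary>Stamps the rejection status code on the response and returns false.</summary>
        private static bool Reject(HttpContextBase httpContext)
        {
            httpContext.Response.StatusCode = RejectedStatusCode;
            return false;
        }

        /// <summary>
        /// Converts a failed check into a redirect to the site root.
        /// </summary>
        /// <remarks>
        /// The base implementation installs an HttpUnauthorizedResult (401), which forms
        /// authentication would turn into a login-page redirect; it is replaced with a
        /// RedirectResult whenever <see cref="AuthorizeCore"/> stamped
        /// <see cref="RejectedStatusCode"/> on the response. Because the redirect is what
        /// finally executes, the client observes a 302 rather than the stamped code.
        /// </remarks>
        /// <param name="filterContext">Authorization context of the rejected request.</param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);
            if (filterContext.HttpContext.Response.StatusCode == RejectedStatusCode)
            {
                filterContext.Result = new RedirectResult("/");
            }
        }
    }
}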
调用方法(把该特性加到需要保护的 Action 或 Controller 上即可):
/// <summary>
/// Action guarded by the Referer check: requests whose Referer authority does not
/// match the site are redirected to "/" before this body runs; all others get the
/// default view.
/// </summary>
[MyAttribute.CheckAuthority()]
public ActionResult Index()
{
    ActionResult view = View();
    return view;
}
转自:http://blog.csdn.net/try530/article/details/7782730