参考:http://blog.csdn.net/try530/article/details/7782730
在重写AuthorizeCore方法时加入以下代码
Uri UrlReferrer = httpContext.Request.UrlReferrer;//获取来路
if (UrlReferrer == null)
{
return false;
}
Uri ThisUrl = httpContext.Request.Url;
if (UrlReferrer.Authority != ThisUrl.Authority)
{
return false;
}