tags:

views:

55

answers:

4

I am writing ASP.NET MVC application.
When the user first logs in, the application should display a page for his acceptance of the Terms of Use.
If the user does not accept the terms, he will be redirected to log in page. If he accepts the Terms, then he can continue using my app.
Where is the best place in the application where I can check this condition in order to call ReddirectToAction ?

+1  A: 

I would store the 'Accepted T&C' flag on a User object.

I would then retreive the logged in user information, check the flag, and redirect appropriately in the Controller Action.

Justin Niessner
A: 

There are plenty of sample applications out there that have authentication/authorization examples in them. Barring a better suggestion, I would take a look at how they handle access to a restricted page (i.e. if not authenticated then redirect to login, if not authorized then redirect to error, otherwise display page). Then you could use the same technique to redirect if they have not accepted your terms.

Mayo
A: 

If you have a "BaseController" type class that all other controllers inherit from, override the OnActionExecuting method and make the check there.

ETA - Obviously the controller that presents the terms page wouldn't have that behavior or you would end up in a redirect loop, so you would need to have a "BaseLoggedInController" or some such thing that all the controllers except for the one that presents the terms/login pages would inherit from.

Eric Petroelje
A: 

Implement an AuthorizeAttribute which checks the acceptance flag set on user and redirects if appropriated. If it is not set the user will be sent to terms of use page. If he denies, he will be redirected to "you should accept page".

Implement an Controller base class which is an AuthorizeFilter. Implement the check in the OnAuthorization method.

Christian13467