Folks:

My ASP.NET MVC 1.0 application is more like a workflow.

Means: Parent controller's action method (authentication) --> Child 1 Action method --> Child 2 Action method --> Child n Action

Now once the visitor completes the authentication through the parent controller's action method, he can manipulate the URL and jump directly to the child 2 action method. We want to avoid this, and in this case we want them to go to an error page.

How can we restrict the user from jumping from 1 to another action method?

+1  A: 

You could use TempData providing some key and if that value isn't there, you could redirect the user back to the previous step.

Or you could decorate the subsequent action methods with [HttpPost], set each Form action to the next action method in the controller, and the actions wouldn't be available to GET requests.

Jonathan Bates
Thanks many! I was thinking of having a more advanced solution. We have many workflows like these. So the work involved would be tremendous. Can we decorate the Action method so that we can achieve the same?
amit
You could use the `HandleErrorAttribute`, i.e.: `[HandleError(View = "YourErrorPageView", ExceptionType = typeof(TriedToGoToStepNotAuthorizedForException))]`. You could also make a custom `FilterAttribute` (or extend `HandleErrorAttribute`) that would allow you to specify whatever criteria you need in order for the method to execute, such as HttpMethods, QueryString key/values, etc. I believe that using attributes this way would allow the ActionMethod to focus on its own execution, while the `FilterAttribute` can handle deciding if the method should be executed.
Jonathan Bates
Is there a way where we have the previously visited (controller/action name), something like a referrer? So that I can check in the child action method if the referrer is the Parent or not! Please advise.
amit
Is there a way where we have the previously visited (controller/action name), something like a referrer? So that I can check in the child action method if the referrer is the Parent or not! Please advise if the below ServerVariable can be used without any issues. `HttpContext.Request.ServerVariables["HTTP_REFERER"]`
amit
You could use that or the convenience method of `Request.UrlReferrer` which wraps the same thing.
Jonathan Bates
Yes, it worked. As of now I am using `HttpContext.Request.ServerVariables["HTTP_REFERER"]`
amit
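
The custom filter attribute suggested in the comments above, sketched as an added example (not code from the original answers). It tracks progress in server-side session state instead of the `Referer` header, which is supplied by the client; the attribute name, session key, view name and `WizardController` are assumptions for illustration.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical filter: lets an action run only when the server-side session
// records that the required earlier workflow step was completed.
public class RequireWorkflowStepAttribute : ActionFilterAttribute
{
    private const string SessionKey = "Workflow.CompletedStep"; // assumed key name
    private readonly int _requiredStep;

    public RequireWorkflowStepAttribute(int requiredStep) { _requiredStep = requiredStep; }

    // Highest step this session has completed (0 if none, or no session).
    private static int Completed(HttpSessionStateBase session)
    {
        return (session != null && session[SessionKey] is int) ? (int)session[SessionKey] : 0;
    }

    // Call from an action once its step has succeeded; never moves backwards.
    public static void MarkCompleted(HttpSessionStateBase session, int step)
    {
        session[SessionKey] = Math.Max(Completed(session), step);
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Setting Result here short-circuits the action: a URL typed by hand
        // gets the error view unless the earlier step is on record.
        if (Completed(filterContext.HttpContext.Session) < _requiredStep)
            filterContext.Result = new ViewResult { ViewName = "WorkflowError" }; // assumed view
    }
}

public class WizardController : Controller // hypothetical controller
{
    [Authorize]
    public ActionResult Parent()
    {
        RequireWorkflowStepAttribute.MarkCompleted(Session, 1); // step 1 done
        return RedirectToAction("Child1");
    }

    [RequireWorkflowStep(1)]
    public ActionResult Child1()
    {
        RequireWorkflowStepAttribute.MarkCompleted(Session, 2); // step 2 done
        return View();
    }

    [RequireWorkflowStep(2)]
    public ActionResult Child2() { return View(); }
}
```

Because the attribute is declarative, each additional workflow only needs its actions tagged with the step they depend on.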
A: 

Make your child action methods private so that they can only be accessed via the parent action.

```csharp
[Authorize]
public ActionResult Parent(string color)
{
    if(color=="Red")
        return Child1();
    return Child2();
}

private ActionResult Child1()
{
    return View("this");
}

private ActionResult Child2()
{
    return View("that");
}
```

~/Controller/Parent routes to Controller.Parent().

~/Controller/Child1 routes to 404: Not Found.

~/Controller/Child2 routes to 404: Not Found.

Byron Sommardahl
Dear Byron, your suggestion may not work: Action methods are public methods to be accessed over the web. If you make it private you cannot navigate from any action method through RedirectToAction.
amit
Exactly. As long as your parent method is in the same class as your children methods, you can call return ChildMethod().
Byron Sommardahl