1

I am trying to pass a model to action once the user logs in, but the whole model data is visible in the URL. How to hide those data from url??

Here is Sign in Code.

[HttpPost]
    public ActionResult SignIn(string email, string password)
    {
        try
        {
            //Input Validation.
            if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
            {
                ViewBag.LoginState = "ERROR";
                ViewBag.ErrorMessage = "PlayerID  Password can not be empty.";
                return View("/views/home/SignIn.cshtml");
            }

            if (true == ((LoginAPIController)this.APIController).AuthenticateUser(email, password))
            {
                Account accountDetails = ((LoginAPIController)this.APIController).GetUserDetails(email);

                HedgeUtil.UserLoginToSession(accountDetails.emailAddress, accountDetails.firstName, accountDetails.lastName);
                return RedirectToAction("UserPortal", "Home", accountDetails);
            }               
          return View("/views/home/SignIn.cshtml"); 

        }
        catch
        {
            ViewBag.LoginState = "ERROR";
            ViewBag.ErrorMessage = "Invalid UserId or Password, Please try again. Contact customer support if problem persists";
            return View("/views/home/SignIn.cshtml");
        }

    }

Notice return RedirectToAction("UserPortal", "Home", accountDetails); here accountDetails is model which is visible in url.

How to hide this data in url??

Rowan Freeman
  • 15,724
  • 11
  • 69
  • 100
Saurabh Sashank
  • 280
  • 1
  • 5
  • 18

3 Answers3

1

I don't necessarily agree with vishal sharma's answer. I'd like to explain further.

HTTP is stateless. This means that each request is treated like a new request, with the server having no inherent recollection of where this user has just been.

When you use RedirectToAction, you are redirecting the user somewhere and so they will make a new request to your server. You can't just "pass" a model to a redirect - the action that the user is in now and the action that they are going to are disconnected, separate.

The RedirectToAction method can only take an object describing route values.

One way to get around this is to use the TempData. While TempData should be used rarely, it is essentially a solution to this problem.

Put a model in the TempData and then redirect the user. You will have to extract the TempData on the other side to retrieve the model.

Further reading: ViewBag, ViewData and TempData

Community
  • 1
  • 1
Rowan Freeman
  • 15,724
  • 11
  • 69
  • 100
1

You can pass data in TempData like this:

TempData["MyData"] = accountDetails;

and in that action:

public ActionResult UserPortal()
{
Account accountDetails = TempData["MyData"] as Account;
}
Ehsan Sajjad
  • 61,834
  • 16
  • 105
  • 160
0

In MVC4 If you have observed RedirectToAction Method has 6 overload , one which here you have used is 

protected internal RedirectToRouteResult RedirectToAction
(string actionName, string controllerName, object routeValues);

to avoid parameters passed into url you have to use this overload

protected internal virtual RedirectToRouteResult RedirectToAction
(string actionName, string controllerName, RouteValueDictionary routeValues);

you can use routevaluedictionary like this

                Account accountDetails = 
                ((LoginAPIController)this.APIController).GetUserDetails(email);
                RouteValueDictionary rd = new RouteValueDictionary();
                rd.Add("accoundInfo",accountDetails);
                return RedirectToAction("Index", "Home", rd);
Vishal Sharma
  • 2,773
  • 2
  • 24
  • 36