1

In my MVC application, I dont want any user to type in the address bar of the browser and navigate to any controller action directly.Can I enable this for the whole application?if yes ,How? Can you please let me know the concept name ?

Also I dont want to do that through Request.URLReferrer because it has its own security risks (per Avoiding user to navigate to a view by entering url in the browser)

Thanks in advance!

Community
  • 1
  • 1
Prasanna
  • 337
  • 2
  • 3
  • 15

1 Answers1

1

You need to use Custom Action Filter Attributes, See :

http://www.asp.net/mvc/tutorials/hands-on-labs/aspnet-mvc-4-custom-action-filters

****Updated:**

As Parsanna mentioned in comment,

You can use the [ChildActionOnly] attribute on your action method to make sure it's not called directly, or use the ControllerContext.IsChildAction property inside your action to determine if you want to redirect.

See :Asp.net mvc How to prevent browser from calling an action method?

Community
  • 1
  • 1
Ehsan Sajjad
  • 61,834
  • 16
  • 105
  • 160
  • But what should I write in there ? Anything that can be specified in Controller or in GLobal.asax ?? – Prasanna Apr 10 '14 at 11:12
  • you need to create custom action filter attribute and will apply that attribute on every action. – Ehsan Sajjad Apr 10 '14 at 11:12
  • Can you determine if the user directly typed an address in their browser address bar vs followed a link in the application? I don't think you can...how does an action filter enable this? – Charleh Apr 10 '14 at 11:13
  • like this: [CustomActionFilter] public class StoreController : Controller { ... } – Ehsan Sajjad Apr 10 '14 at 11:13
  • @Ehsaan, Are you talking about something mentioned in the below link ?http://stackoverflow.com/questions/9407172/asp-net-mvc-how-to-prevent-browser-from-calling-an-action-method – Prasanna Apr 10 '14 at 11:15
  • If I use `[ChildActionOnly]` then users with AJAX post mayn't be able to access that (http 500 error..) .More importantly if I use Child Action attribute, then I cannot use get that while referring though `Html.ActionLink` even.. – Prasanna Apr 10 '14 at 12:04
  • hmm, then you can do something with action filter – Ehsan Sajjad Apr 10 '14 at 12:06
  • Yes. Thats the only option left(seems like)..Can you please guide me achieving this through actionfilter ? – Prasanna Apr 10 '14 at 12:09
  • first you see how to write a custom action filter, there are exmples available google it – Ehsan Sajjad Apr 10 '14 at 12:31