0

In the standard MVC project using ASP.NET Identity, an unauthorized request is redirected to the login page, and a ReturnUrl parameter is added to the query string so that after a successful login a further redirect can be made to the originally-requested page.

The Account controller contains a method named RedirectToLocal that's used to perform that second redirect only if the ReturnUrl parameter refers to a local URL (i.e. a page from the same website). It uses a very simplistic approach to perform this check, and does not check (for example) that the URL is a valid URL, or that it can be routed to an action.

In my case, there are some URLs that I definitely don't want to redirect to, such as the log-out page(!). I'd also like to redirect only to URLs that can be successfully routed.

To achieve that, I've changed the code to turn the URL into a route (using a technique similar to this). That gets me a RouteData object that allows me to examine the controller and action names (and thus lets me exclude certain blocked actions).

I'd like to take this further and exclude any controller actions that expect POST data (since you cannot redirect to those). So...

Given a controller name and action name, how can I tell whether this is a GET or a POST action?

Is there some way I can invoke the routing/binding that the MVC framework would normally do, right up to the point before it actually executes the action?

Gary McGill

2 Answers

1

I don't believe that there is built-in functionality to do what you want.

I've just had a quick look at the ASP.NET MVC 5 source (System.Web.Mvc.dll) (using dotPeek) to see where [HttpPostAttribute] is used. Quite frankly, everything to do with figuring out whether an action method can be used to serve an incoming request is done on the fly. As in, there are no high-level extension methods, or helper classes, involved with that decision. At least, there is nothing obvious from what I can see. It looked to me more like internal methods/helpers being used to determine whether the action method can serve the request.

As for how you can achieve your main goal, I'm not so sure, but I thought I'd mention what I found after scanning the source code. Naturally, feel free to take a look at the source yourself; you might very well find something I've missed. In which case, please post your findings here in order to help others who may have the same need in the future.

Jason Evans
0

Potential solution, add [Get], [Post] attributes to actions and use reflection to filter them out.

Don't know if there is some mechanism built into the framework other than reflection and attributes.

Another solution. Create a convention that all the actions have the http method name in the Action Name and look for it with regexp.

Michal Franc
  • Thanks, but there must be some part of the framework that does this (since it will complain if you try to redirect to the wrong sort of action), and I'd like to hook into that rather than invent my own scheme. – Gary McGill Oct 12 '15 at 11:15
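The reflection-and-attributes idea from the answers, sketched as an added example (not code from the question, the answers, or the MVC framework): it reads the framework's own verb attributes in System.Web.Mvc and rejects any action it cannot prove is reachable by GET. The class and method names are hypothetical, and it assumes the caller has already resolved the controller type from the RouteData controller name.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Added example; ReturnUrlActionFilter and AllowsGet are hypothetical names.
public static class ReturnUrlActionFilter
{
    // True only if at least one action method with this name on the controller
    // can be selected for a GET request. Fails closed on anything it cannot judge.
    public static bool AllowsGet(Type controllerType, string actionName)
    {
        if (controllerType == null || string.IsNullOrEmpty(actionName))
            return false;

        return controllerType
            .GetMethods(BindingFlags.Public | BindingFlags.Instance)
            .Where(IsActionMethod)
            .Where(m => string.Equals(EffectiveName(m), actionName,
                                      StringComparison.OrdinalIgnoreCase))
            .Any(SelectorsPermitGet);
    }

    // Skip property accessors and methods inherited from Controller itself
    // (Dispose and friends), which are not actions.
    private static bool IsActionMethod(MethodInfo m)
    {
        return !m.IsSpecialName
            && !m.GetBaseDefinition().DeclaringType.IsAssignableFrom(typeof(Controller));
    }

    // [ActionName("x")] overrides the method name used by routing.
    private static string EffectiveName(MethodInfo m)
    {
        var alias = (ActionNameAttribute)m
            .GetCustomAttributes(typeof(ActionNameAttribute), true)
            .FirstOrDefault();
        return alias != null ? alias.Name : m.Name;
    }

    // Every selector attribute on the method must accept GET; [HttpPost],
    // [NonAction] and unknown custom selectors all cause rejection.
    private static bool SelectorsPermitGet(MethodInfo m)
    {
        return m.GetCustomAttributes(typeof(ActionMethodSelectorAttribute), true)
            .All(a => a is HttpGetAttribute
                   || (a is AcceptVerbsAttribute && ((AcceptVerbsAttribute)a)
                          .Verbs.Contains("GET", StringComparer.OrdinalIgnoreCase)));
    }
}
```

When this returns false, the login flow should fall back to a fixed default page instead of following ReturnUrl.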