0

I'm working on a web app in which a new user signs up in two steps.First the user provides basic credentials such as email and password.Then, the user is asked for some additional information such as Phone Number, Interest and so on. After filling the required information the user is redirected to a Home Page. What I am looking for is to prevent the user from directly navigating to the Home Page without finishing the signup process. Using this answer, I created an ActionFilter that prevents access to the Index action of the Home controller if the controller and action in the Referrer Uri are empty. Here is the code:

public class PreventNavAttribute : FilterAttribute, IActionFilter
    {
        private ILog logger = LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string area = string.Empty, controller = string.Empty, action = string.Empty;
            SetUpReferrerRouteVariables(filterContext.HttpContext.Request, ref area, ref controller, ref action);
            logger.Info($"Controller: {controller} Action:{action}");
            if (controller.IsEmpty() || action.IsEmpty())
            {
                filterContext.Result = new HttpNotFoundResult();
            }
        }

Using this method works, effectively preventing a user from directly navigating into the Index action. However, the caveat here is on the next visit the user cannot go directly to the Home page by typing the url to the website.

How can I solve this so that I can both prevent a new user from directly navigating to home page without finishing the signup and also allow the user to directly navigate to the home page on the next visit.

Community
  • 1
  • 1
xabush
  • 849
  • 1
  • 13
  • 29
  • You can prevent any user that isn't logged in to visit any page by using the `[Authorise]` attribute on your controller – Spluf Apr 27 '16 at 08:24
  • The Home Controller as an [Authorize] attribute. The user is signed in in the first stage when he provides his email and password and then redirected to the next page where a gives additional information. What I'm looking is to prevent the user from navigating to the home page from the second page. I hope this is clear – xabush Apr 27 '16 at 08:29
  • 1
    you can add a flag then, let's call it `UserCanNavigate` as a bool property on the user, if the user has all the details in, set it to true, and if so he can navigate to home page, if not, the default value should be false so he can't.. you can get the flag in a cookie when the user logs in and check the value of that flag in your attribute. You can also redirect the user to the page where he adds more details or to the homepage according to the value of that flag when he logs in (from the login action)and hide the menu on that first page(get a new layout page without the menu for that), etc.. – Spluf Apr 27 '16 at 08:35
  • I tried your suggestion and it works except for one scenario. Imagine the following scenario: The user completes signup process -> S/He is redirected to Home Page and I set UserCanNavigate true -> Then User logs out and hence I delete the cookie -> when the user login in back it is still prevented from logging in because the UserCanNavigate is reset to false. This scenario also happens if the user tries to login in from another machine. – xabush Apr 27 '16 at 09:55
  • 1
    that property should be saved on the database in the user's table, and that's where you're getting it from. just add `public bool UserCanNavigate {get; set;}` to the user class and add that field to your database as well... you save the value in the db and get it from there the next time the user logs in and write it in that cookie. – Spluf Apr 27 '16 at 09:56

0 Answers0