ASP.NET

How to make an Action only callable from another Action and not from a url ? RSS

4 replies

Last post Aug 25, 2012 04:35 PM by BrockAllen

‹ Previous Thread|Next Thread ›

- Reply
skneife

0 Points

9 Posts

How to make an Action only callable from another Action and not from a url ?

Aug 18, 2012 07:46 PM|LINK

How to make an Action only callable from another Action and not from a url ?

Sam
- Reply
BrockAllen

All-Star

27574 Points

4912 Posts

MVP

Re: How to make an Action only callable from another Action and not from a url ?

Aug 18, 2012 09:35 PM|LINK

Apply the [ChildActionOnly] attribute on the nested child action.

Brock Allen | http://brockallen.com
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
- Reply
DhavalShah89

Member

112 Points

79 Posts

Re: How to make an Action only callable from another Action and not from a url ?

Aug 19, 2012 02:07 AM|LINK

http://msdn.microsoft.com/en-us/library/system.web.mvc.childactiononlyattribute(v=vs.98).aspx
- Reply
skneife

0 Points

9 Posts
Re: How to make an Action only callable from another Action and not from a url ?

Aug 25, 2012 04:21 PM|LINK
[ChildActionOnly] is not suitable for this issue.

Look at this code :
```
[AcceptVerbs(HttpVerbs.Post)]
    public ActionResult FisrtAction(){

      ...
       return RedirectToAction("SecondAction");
   }

   public ActionResult SecondAction(){

      ...
      return View("MyView");
   }
```
The action named SecondAction must be used only by the FirstAction.

So how avoid a direct web access via an url to the second action ?

Thanks for help.

Sam
- Reply
BrockAllen

All-Star

27574 Points

4912 Posts

MVP

Re: How to make an Action only callable from another Action and not from a url ?

Aug 25, 2012 04:35 PM|LINK

Oh you only want section action to be possible after they've executed first action? You'll have to figure out a way to ensure one of called form a page that was issued by the other. Something like an anti forgery token plus a counter or a token of some sort. Anything you send back to the client should be protected.

Brock Allen | http://brockallen.com
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
- Marked as answer by Young Yang - MSFT on Aug 27, 2012 02:00 AM

‹ Previous Thread|Next Thread ›

How to make an Action only callable from another Action and not from a url ? RSS

4 replies

skneife

How to make an Action only callable from another Action and not from a url ?

BrockAllen

Re: How to make an Action only callable from another Action and not from a url ?

DhavalShah89

Re: How to make an Action only callable from another Action and not from a url ?

skneife

Re: How to make an Action only callable from another Action and not from a url ?

BrockAllen

Re: How to make an Action only callable from another Action and not from a url ?

This site is managed for Microsoft by Neudesic, LLC. | © 2013 Microsoft. All rights reserved.

Follow Us On:

Microsoft