ASP.NET MVC3: Get method only accessible through other method - asp.net-mvc-3

I'm using the standard forms authentication registration that comes with MVC 3.
I want to add a few checkboxes to that form that indicates what kind of user the registrator will be. Depending on the checkbox choice the user will be redirected to another get method where additional information can be added.
The problem is that I don't want these methods to be accessible in any other way (like typing the url for example). Only in this specific case these these methods can be accessed.
My first idea was to create a session in the post method of the first registration form and check in the get method if the session exists. But this seems like a less elegant way.
Does anyone has a safer solution for this problem?

You should be able to use the [ChildActionOnly] attribute: found here on MSDN.

Related

In ASP .NET Core Razor Pages, how do I properly present server responses to the user?

Recently I have started to deal with dynamic content in my RazorPages web application. I found out about AJAX and have started to incorporate it into my application since it helps me display information to the user. For example, when a user presses a button, some information is taken from an input field and sent to the server, as usual. I use the server response (OnGet or OnPost return value) to display information to the user without them reloading the page.
However, I cannot figure out how to incorporate model binding into this. When I use AJAX I can build the message myself but the model binder of RazorPages was made to this automatically - which is great and I use it a lot, but how can I access the return value of my OnGet or OnPost when I created a form and used tag helpers to allow model binding? I know that I can return Content(string) in these methods but that will show an empty page with the string I return, of course.
My question is: How can I access such a string to display it to the user? Am I even on the right track here or is there maybe a better way to solve this kind of issue?
I would recommend checking out some of the Razor Pages tutorials as they cover the basics of posting form data using Razor pages:
https://www.learnrazorpages.com/razor-pages/forms
Best of luck on your programming journey.

MVC design issue - roles of each component

This is our first time using this pattern (we're not even sure that this pattern is suitable for this project), and me and my mates have a couple of questions.
We're designing a simple applications for displaying files with regards to permissions.
Suppose "Joe" is currently logged in to the system, where would be the correct place to save "Joe" as the active user?
What are the roles of the controller in this context? Suppose "Joe" wants to log in to the system. He enters his password and clicks log on, should the view validate the details directly with the Model? or should it ask the controller to do it for him?
Suppose that the login is successful, what should happen now? Should the View listen as an Observer to the model and wait for a response that the login is correct and then switch windows? or should the Controller have a method called boolean ValidateLogin() which the view calls and acts accordingly?
As you can see we're very confused, any help would be appreciated.
Session / Database / Configuration File (is this a single or multiple user system?)
In some web frameworks*: the view passes the login data to controller, passed to model which would validate, return the result to controller, and give the correct view as response. Surely it's also fine if the view wants to directly validate the data to the model, but IMO view-model communication should never have any logic involved, only data update notification.
I think it's partially answered in answer 2 above. The controller should be able to destroy/change the login view though (when the login successful, normally the view should change accordingly).
*This is because in web application, usually view cannot directly talk to model, as opposed in desktop application. This is still an MVC, only a variation called MVA.
For your requirements, I suggest you use this project MembershipStarterKit to start with.
It has samples that do basic authentifacation and role management.
It also use the .Net membership provider so that you don't re-invent the wheel.
Store it in session
Any client side validation can be done by the view directly with the model(Through DataAnnotations). And for database calls it goes through the contoller
On successful login, controller will render the corresponding view

Detect when user navigate from one web page to another

I am writing MVC3 web app I need to know at server side when user navigate from one web page to another. I do not need to know from what pages page to which just fact that user navigated. I could find this by adding Session variable to every Home Controller Actions but maybe there is better solution?
Use a global filter attribute for al your controller actions. You can set that attribute in the global asax. In that case you know when an action is hit.
You could try sending AJAX request bound to onbeforeunload browser event.
Basically, it happens on the client side, so the programming should also be in client. Javascript could be the way to go. Though it may deliver some inconvenience to the user.

JSP includes and MVC pattern

I am new to JSP/Servlets/MVC and am writing a JSP page (using Servlets and MVC pattern) that displays information about recipies, and want the ability for users to "comment" on it too.
So for the Servlet, on doGet(), it grabs all the required info into a Model POJO and forwards the request on to a JSP View for rendering. That is working just fine.
I'd like the "comment" part to be a separate JSP, so on the RecipeView.jsp I can use to separate these views out. So I've made that, but am now a little stuck. The form in the CommentOnRecipe.jsp posts to a CommentAction servlet that handles the recording of the comment just fine. So when I reload the Recipe page, I can see the comment I just made.
I'd like to:
Reload the page automatically after commenting (no AJAX for now)
Block the user from making more than one comment on each Recipe over a 1 day timeframe (via a Cookie). So I store a cookie indicating the product ID whenever the user makes a comment, so we can check this later? How would it work in a MVC context?
Show a message to the user that they have already commented on the Recipe when they visit one
which they have commented on
I'm confused about using beans/including JSPs etc on how to achieve this.
I know in ASP.NET land, it would be a UseControl that I would place on a page, or in ASP.NET MVC, it would be a PartialView of some sort. I'm just confused with the way this works in a JSP/Servlets/MVC context.
you can use response.sendRedirect() or forward APIs in javax.servlet to redirect to a new page or refresh the same page (redirect to the same page/path so that the beans/data gets refreshed)
about restricting to one comment per day - yes you can use cookie but the problem is that user might use another browser type (chrome, FF, Safari) and will be able to make multiple comments.
Ideally you should store the lastCommentTime in the model/persistent store and tie it to the user information - this way your model object can expose an API that checks the last comment time and returns true/false depending on whether user can comment or not.
You can use this API in your servlet/JSP to show/hide the comment button, for example and also show a message

accessing master page hyperlink from a different controller

I am using ASP.NET 3.0 MVC with membership provider. I have to make modification to the default implementation we get with membership related code. I have to move LogOff Hyperlink in the master page. Initially this link is in-visible but once authentication is succesfful I need to make it visible. This action will happen from Controller for authentication and I am not sure how to access the hyperlink defined in a master page from a different controller. Any ideas how this could be achieved keeping the spirits of MVC design?
You could create another action in your AccountController to determine if the log off link needs to be displayed. This action has a partial for the html. Call this new action from the master page and check in that action if the log off link needs to be displayed.
#{ Html.RenderAction("displayLogOff", "Account"); }
I'm not sure why you need to make a modification, as this seems to be the default behaviour, but typically you would use a partial view to display the log off hyperlink. This partial view can run an action, and in this action you would send a model to the view which could include a flag for if the user is currently authenticated. Alternatively, you can just check Request.IsAuthenticated in the partial view directly.
I'm not sure I understand. The default implementation already does this. It works regardless of what controller you're using. The reason is that the master page uses a partial page that specifies the method and controller.

Resources