CODEWITHSUNDEEP
asp.net-mvcasp.net-mvc-4registration
JayMF
JayMF

Reputation: 91

In ASP MVC, how should I structure my controler for a registration process with confirmation page

I am still new to ASP MVC 4 and I need some help to design my controler for a basic registration scenario with a confirmation page.

I have a form where the user enters some personal information, with some model validation using validation attributes. On the submit of this form, I need to call my datalayer for more complex validations before redirecting to a confirmation that shows to the user's input so that he can verify everything. So it is only on the submit of this confirmation form that the create action happens in the database.

I read about the PRG pattern (Post-redirect-Get) and I am a bit confused because I do not want any of the personal data to appear in the URL between the registration and the confirmation form.

I hope I am clear enough in the explation of my situation..

This is a pretty basic scenario that we see pretty much everywhere so I hoped to find exmaples somewhere but I can't find any article or tutorial about it.

Thanks in advance!

Upvotes: 0

Views: 1582

Answers (4)

Roger
Roger

Reputation: 1

One other possibility is to store it in TempData. It is basically a session variable that only last until the next request. However that means that if on a page refresh the data is lost.

Upvotes: 0

JotaBe
JotaBe

Reputation: 39045

You can use this pattern. Although the name is Post Get Redirect, the first time the user will do a GET of the login page, by typing it in his browser. The server will send an empty form as an answer. Once the user has the form on his browser, you are on the POST step of PRG:

  • POST: the user fills the form, and submits it (when the client side validation is succesful). When the server gets the data, it can make a server side validation. If the server side validation fails, the server sends the form back to the user, so that he can try again. The server and user will exchange the form several times, until the server validation is ok.

  • REDIRECT: Once the server side validation is ok, the server registers the user and sends a redirect (HTTP 301 or 302) to the browser, which includes the new URL that the browser must load.

  • GET: when the browser receives the Redirect from the server, it issues a GET of the new URL.

The redirect url will usually show a next step, or a confirmation page. In this case it could be a "Registration Succesful" page.

The advantage of the PRG pattern is that refreshing the browser (reloading the page) will not have undesired side effects (like registering the user twice in this sample):

  • if the users refresh the browser in the POST step, the form is sent back to the server. But the user can only do this while he is in the POST step (and thus, is not still registered)

  • once the user is registered, the browser has been redirected to a new page, using GET. So, if the user refreshes the browser he repeats the GET, and nothing happens on the server side.

I.e, if you correctly implement this pattern, the server shuld only make actions (like registering the user) on POST requests. In the GET requests the application should only show data to the user, but make no changes.

By the way, all the personal data will be posted in the first step (POST) to the server. The URL used in the REDIRECT and GET steps doesn't have any personal information url. To do this, you'll normally store the neccessary personal data in session, once the user is registered / authenticated.

Upvotes: 2

A Khudairy
A Khudairy

Reputation: 1492

Well I would build the controller class as shown below .. I will be using session to store the user information to get it to the confirmation page, but you can choose any other ways maybe like a cookie if that is okay from a security perspective

Public class RegistrationController:Controller
{
    [HttpGet]
    public FillInformation()
    {
        ...
        Return view();
    }

    [HttpPost]
    public FillInformation(UserInformation UserInformation)
    {
        if (ModelState.IsValid)
        {
            //do some further validation here and if succeed then save to session
            Session["info"] = UserInformation;
            return RedirectToAction("Confirmation");
        }

        Return view(UserInformation);
    }

    [HttpGet]
    public Confirmation()
    {
        // get object from session
        UserInformation info = Session["info"]
        Return view(info);
    }

    [HttpPost]
    public Confirmation()
    {
        // get object from session
        UserInformation info = Session["info"]
        //Save data to database here
    }
}

Also since you are using MVC 4, another way to do this would be using a service call by implementing a WEB API service.

Upvotes: 2

Marthijn
Marthijn

Reputation: 3392

You can store the user data in the session after the validation by the server. Then display everything on the confirm page for the user. And finally store everything in the database.

Upvotes: 1

Related Questions