Forbid access on page if form of another Action isn't submitted

Question

I'm trying to create a registration in my ASP.NET MVC application. The registration is split in different areas.

First, I'm getting on the Create page. If the form in Create is successfully filled out and I submitted, I want to go on AccountInfo, which has another form.

[HttpGet]
public ActionResult Create()
{
    return View("Create");
}

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create(Account account)
{
    if(ModelState.IsValid)
    {
        using (db)
        {
            return RedirectToAction("AccountInfo", new { account = account });
        }

    }
    return View();
}

public ActionResult AccountInfo(Account account)
{

    db.Accounts.Add(account);
    db.SaveChanges();
    return View();
}

How can I forbid the access on AccountInfo if the form in Create isn't filled out?

Answer 1

Check that all the parameters in your first form are "valid" and filled in by the time you reach the second form. You can also check that the call came from that page. Just inspect the http request object to find the right info.

Here is the object I am referring to: http://msdn.microsoft.com/en-us/library/system.web.httprequest%28v=vs.110%29.aspx

Answer 2

Well, all you care about is that account is filled in, so you really don't have to worry about whether or not someone came to AccountInfo directly. If they do, they won't have a valid Account object. If the Account Object is not valid, then you just redirect them back to Create.