restrict the user from jumping controller and action methods

Question

Folks:

My ASP.NET MVC 1.0 application is more like a workflow.

Means: Parent controller's action method (authentication) --> Child 1 Action method --> Child 2 Action method --> Child n Action

Now once the visitor completes the Authentication through the parent controller's action method he can manupulate the URL and jump directly to the child 2 action method. We want to avoid this and in this case we want them to a error page.

How can we implement to restrict the user from jumpin from 1 to another action method ?

Answer 1

Make your child action methods private so that they can only be accessed via the parent action.

[Authorize]
public ActionResult Parent(string color)
{
    if(color=="Red")
        return Child1();
    return Child2();
}

private ActionResult Child1()
{
    return View("this");
}

private ActionResult Child2()
{
    return View("that");
}

~/Controller/Parent routes to Controller.Parent().

~/Controller/Child1 routes to 404: Not Found. ~/Controller/Child2 routes to 404: Not Found.

Answer 2

You could use TempData providing some key and if that value isnt there, you could redirect the user back to the previous step.

Or you could decorate the subsequent action methods with [HttpPost], set each Form action to the next action method in the controller, and the actions wouldnt be available to GET requests.