how to get logged in user out of controller action method in .Net WebAPI - claims-based-identity

I'm able to get a logged-in user by using "User" in my controller action. I want to get this User to another method that is outside of the controller class. I tried using the below question, but I'm unable to succeed: Get current User outside of Controller

One way is to just pass the User object (ClaimsPrincipal type) as a parameter to the next method in some other class? or to the constructor of the other class?

Related

Why is mandatory the "Route" attribute on methods of a custom-routed controller?

Consider a fresh Asp.Net Core 2.1 MVC Web app created via the Visual Studio 2017 template. Now, consider a custom view (MyView) and also a controller (ActualController) so that the project structure looks similar to this picture:
The MyView shows nothing special, and it's off the point. However, the page should appear when the user enters a URL like http://(domain)/desired/myview or also via a hyperlink in the home page:

    <a asp-area="" asp-controller="Desired" asp-action="MyView">MyView</a>

Now let's focus on the controller, which is a class named differently from what the routing expects:

    [Route("desired")]
    public class ActualController : Controller
    {
        [Route("MyView")] // without this the method won't be called
        public IActionResult MyView()
        {
            return this.View();
        }
    }

From what I know, decorating the controller with a Route attribute tells the URL resolver to match this class. However, the mapping works only if I explicitly add a (redundant) Route attribute on the target method/action. If I remove it, the path won't be found, and the server returns a 404 error.
The question is: why should it be mandatory to decorate the method with Route, even though the action is implicitly defined by the method name (as usual)?
NOTE: it is rather simple for me to rename the controller class, but I'd like to know the reasons behind this behavior.
You are overriding the default route of [controller]/[action] with [Route("desired")]. Since you don't define an action parameter on controller level, all other routes have to be done explicitly.
Changing the top route parameter to [Route("desired/[action]")] should solve it and the method name will be used as parameter. You can still override single actions if you want to name them differently by adding the [Route("")] attribute to them.
Also see the docs (Token replacement in route templates) for a further description of the route parameters.

GetPdfBytesFromUrl sent from within controller still needs authentication

I am using EVOPdf converter in my MVC4 project.
I am using the method pdfConverter.GetPdfBytesFromUrl to hit another controller action to return the rendered HTML and have that get converted into a PDF.
My problem is that I now have an [Authorize] attribute on the controller, and now that same method only renders a log-in page.
Since I'm requesting the URL from within the same controller (but a different actionresult), is there any way to pass authentication?

    string myOwnAddress = System.Configuration.ConfigurationManager.AppSettings["local-address"];
    // THIS WILL NEED THE PARAMETERS SENT VIA THE GET URL
    byte[] pdfBytes =
        pdfConverter.GetPdfBytesFromUrl(myOwnAddress + "/ClinicianReportPDFRendered?PID=" + PID);

Unless somebody can come up with a better solution, I'm going to create a unique key in the requesting action to be passed/used one time and authenticate using that code in the other action.
The only downside is I'll have to take off the blanket [Authorize] on the top of the controller and apply it individually to each action result.
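
One way to implement the one-time key described above, as an added example that is not the poster's code and not part of EVOPdf. `RenderKeys`, `Issue`, `TryRedeem` and the 30-second lifetime are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Added example: single-use, short-lived keys for the internal PDF render request.
// RenderKeys, Issue and TryRedeem are hypothetical names, not EVOPdf or MVC APIs.
public static class RenderKeys
{
    private sealed class Entry
    {
        public string Pid;
        public DateTime ExpiresUtc;
    }

    private static readonly ConcurrentDictionary<string, Entry> Pending =
        new ConcurrentDictionary<string, Entry>();

    private static readonly TimeSpan Lifetime = TimeSpan.FromSeconds(30); // assumed value

    // Called by the authorized action just before the converter fetches the URL.
    public static string Issue(string pid)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes); // 256 bits from the OS CSPRNG, not System.Random
        }
        // Hex is URL-safe, so the key can go straight into the query string.
        string key = BitConverter.ToString(bytes).Replace("-", "");
        Pending[key] = new Entry { Pid = pid, ExpiresUtc = DateTime.UtcNow + Lifetime };
        return key;
    }

    // Called by the rendering action. TryRemove is atomic, so a key is accepted
    // at most once even if two requests present it at the same moment.
    public static bool TryRedeem(string key, string pid)
    {
        Entry entry;
        if (string.IsNullOrEmpty(key) || !Pending.TryRemove(key, out entry))
        {
            return false;
        }
        // The key is bound to the PID it was issued for and to a short lifetime.
        return entry.ExpiresUtc >= DateTime.UtcNow
            && string.Equals(entry.Pid, pid, StringComparison.Ordinal);
    }
}
```

The requesting action would append the value from `RenderKeys.Issue(PID)` to the URL it hands to the converter, and the rendering action (marked `[AllowAnonymous]` in MVC 4) would return 401/403 unless `TryRedeem` succeeds. The store is in-process memory, so both requests must reach the same worker process, and unredeemed keys are not purged in this sketch.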

MVC4:Prevent the user to type and navigate any ControllerName/ActionName in the address bar

In my MVC application, I don't want any user to type in the address bar of the browser and navigate to any controller action directly. Can I enable this for the whole application? If yes, how? Can you please let me know the concept name?
Also, I don't want to do that through Request.UrlReferrer because it has its own security risks (per Avoiding user to navigate to a view by entering url in the browser).
Thanks in advance!
You need to use custom action filter attributes. See:
http://www.asp.net/mvc/tutorials/hands-on-labs/aspnet-mvc-4-custom-action-filters
Updated:
As Parsanna mentioned in a comment,
You can use the [ChildActionOnly] attribute on your action method to make sure it's not called directly, or use the ControllerContext.IsChildAction property inside your action to determine if you want to redirect.
See: Asp.net mvc How to prevent browser from calling an action method?

Navigation pulled from database and displayed in master layout

I'm working on a web application in ASP.NET MVC. When the user logs in, I want to retrieve his navigation (varies between user accounts) and his information from the database, and keep the info between controllers.
I'm displaying the navigation in _Layout.cshtml, so I'm wondering about best practices for pulling the navigation and other user info from the database and storing it between controllers. This information is only retrieved once and stored throughout the user "log-in session".
What is the ideal solution? Should I create a BaseController which other controllers inherit and put my logic in the constructor and put the info in a global ViewBag? Or should I use the Session object in the Login method? Or should I create a static method and call it directly from _Layout.cshtml?
What should I do? I want to do this globally once, so I don't have to do this in each controller action.

Disable action method from being called from the address bar

I have a method in my controller that I don't want to be called from the address bar in the browser...
Is there a way to do that? Maybe some kind of annotation, modification in the route configuration? Which are my options?
If you are going to use this action only from within your controller or Views, then you can use the ChildActionOnly attribute.
If you want to access it using POST, then you can use the [HttpPost] attribute.
But if you wish to use it using GET (i.e. using an AJAX call etc.) and don't want users to access it using the address bar, then you can follow this tutorial to make your actions AJAX only.
Or, if you simply want a method that is not an Action at all (i.e. cannot be called using HTTP), then you can either make it private or use the [NonAction] attribute.
Use NonAction attribute on the method.
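
The options named in the answers above and in the earlier "Prevent the user to type and navigate" thread, side by side in one classic ASP.NET MVC controller. This is an added example, not code from any of the posters or the linked tutorial; `AjaxOnlyAttribute` and `ReportController` are hypothetical names.

```csharp
using System.Reflection;
using System.Web.Mvc;

// Added example for classic ASP.NET MVC (System.Web.Mvc).
// AjaxOnlyAttribute and ReportController are hypothetical names.
public sealed class AjaxOnlyAttribute : ActionMethodSelectorAttribute
{
    // IsAjaxRequest() only looks for an X-Requested-With value of XMLHttpRequest,
    // which any client can send, so this keeps typed URLs out but is not an access control.
    public override bool IsValidForRequest(ControllerContext controllerContext, MethodInfo methodInfo)
    {
        return controllerContext.HttpContext.Request.IsAjaxRequest();
    }
}

[Authorize] // who may call an action is still decided here, not by the selectors below
public class ReportController : Controller
{
    // Rendered only via Html.Action / Html.RenderAction; a direct request fails.
    [ChildActionOnly]
    public ActionResult Summary()
    {
        return PartialView();
    }

    // A typed URL is a GET and finds no matching action (404); POSTs still reach it.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Save(string note)
    {
        return Content("saved");
    }

    // No match (404) unless the request carries the AJAX header.
    [AjaxOnly]
    public ActionResult Search(string term)
    {
        return Json(new { term }, JsonRequestBehavior.AllowGet);
    }

    // Public helper that MVC never exposes as an action.
    [NonAction]
    public string BuildTitle(string name)
    {
        return "Report: " + name;
    }
}
```

All four attributes shape which requests are routed to a method; none of them checks who the caller is, which is why `[Authorize]` stays on the controller.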