In my MVC application, I dont want any user to type in the address bar of the browser and navigate to any controller action directly.Can I enable this for the whole application?if yes ,How? Can you please let me know the concept name ?
Also I dont want to do that through Request.URLReferrer because it has its own security risks (per Avoiding user to navigate to a view by entering url in the browser)
Thanks in advance!
You need to use Custom Action Filter Attributes, See :
http://www.asp.net/mvc/tutorials/hands-on-labs/aspnet-mvc-4-custom-action-filters
****Updated:**
As Parsanna mentioned in comment,
You can use the [ChildActionOnly] attribute on your action method to make sure it's not called directly, or use the ControllerContext.IsChildAction property inside your action to determine if you want to redirect.
See :Asp.net mvc How to prevent browser from calling an action method?
Related
In reference to this: https://github.com/marmelab/react-admin/pull/1491
That is not overriding the url that gets called.
I thought this meant to change the basePath of the URL that hoes to the API not the internal one to the frontend site, hopefully that makes sense.
So essentially I want to override the basePath so I can call a different URL on the backend side. If this is not what was intended , how can I override a action of the EditButton or ShowButton to call a different URL?
Or the other option that I can think of is: if we have a way to override the attribute that gets picked at the moment the button gets clicked, that is for an instance for complex structures instead of sending the id to lookup you could use something like: user.id.
Thanks in advance.
I guess the answer to this is to customise the dataProvider. But I don't see it as a clean solution to have to customise the dataProvider for such a case scenario :(
I have an asp.net mvc 4 application. There is an action method, HttpPost which takes in a formcollection. I want to provide a direct link to this action and manually set a parameter on the formcollection. Is this possible?
e.g. myurl?formCollection[Parameter]=staticValue
You can't provide a direct link:
Direct link
because links use GET's (not POST's). Though you can get the behavior that you want using some javascript or changing the action to HttpGet.
Regards.
I'm trying to limit the session access to a Struts application so the users will only be able to use 1 tab at the time. To do this, I have to create an ID everytime a new page is loaded and assign that ID to the user's session. By doing so, if the user uses a page with a different ID than the one registered in his session, the action will be rejected.
How can I do a listener on every page load? Which interface should I use?
Or do you have any other idea of how I could manage multiple tabs?
I'm Using Struts 1 and Java 4.
You could use Spring MVC Interceptors and override the preHandle method.
Returning false inside should cancel your request for not allowed additional tabs.
You can use an interceptor to do this. You will need to define it on your interceptor stack in your struts.xml and code the interceptor to check the JEE role information provided by your web application server. The interceptor can be coded to give a redirect result on the other tab if there was recently an action called however you will probably need to coordinate it via JS generated ids and AJAX.
https://struts.apache.org/docs/interceptors.html
I am creating a dnn module. The content depends on the param in the url.
I want to be able to edit this content in the 'edit content' mode. However when i go to edit content the param in the url is no longer accessible because it is the parent document. How do i go about passing this value from the view.ascx to the edit.ascx?
Try storing the param in cookies or localstorage. Then you should be able to access it. Of course the user will be able to modify it but you can do a check that the user has not modified it by storing a server side encryption or somthing like that.
A workaround is to have a field where the user enters this parameter. But i know this isn't a very good solution. I am guessing that you will have to override the dotnetnuke core to do this (yes i know it sucks).
I hope I am understanding the question properly.
To pass parameters from your View to Edit controls, you should first make sure they are registered properly in the module definition. You default View should have an empty controlkey and your Edit should be registered with a control key, for example "addedit".
When creating a link between your view control and edit control, use the EditUrl() method of PortalModuleBase. When passing a parameter, for example an id of the item you want to load into your edit control, you can pass them as arguments in the EditUr method.
Example (in my view.ascx.cs):
lnkEdit.NavigateUrl = EditUrl("id", "16", "addedit");
This will assign a module view link to the edit.ascx (assuming the controlkey in the definition is addedit) passing in a url parameter "id" with value 16.
See my DNN Module Views tutorial for a complete lesson on how to do DNN module views and navigation.
http://www.dnnhero.com/Premium/Tutorial/tabid/259/ArticleID/204/Introduction-and-Module-Definition-basics-in-DNN-Part-1-6.aspx
I have a method in my controller that I don't want to be called from the address bar in the browser...
Is there a way to do that? Maybe some kind of annotation, modification in the route configuration? Which are my options?
If you are going to use this action only from within your controller or Views then you can use ChildActionOnly attribute.
If you want to access it using POST then you can use [HttpPost] attribute.
But if you wish to use it using GET (i.e. using AJAX call etc) and don't want users to access it using address bar then you can follow this tutorial to make your actions AJAX only.
Or, if you simply want a method that is not an Action at all (i.e. cannot be called using HTTP) then you can either make it private or use [NonAction] attribute
Use NonAction attribute on the method.