Declaring an ActionResult function as private to prevent direct URL access
<p>In my ASP.NET MVC 3 web application, I am using a lot of partial views. I am using these partial views in some cases through normal render calls</p>
<pre><code>&lt;div id="attributes"&gt;
    @Html.Partial("_DeviceAttributesPartial", Model.DeviceAttributes)
&lt;/div&gt;
</code></pre>
<p>and in other cases using AJAX:</p>
<pre><code>$.ajax({
    url: '@Url.Action("GetDeviceAttributes")',
    type: 'POST',
    data: { deviceID: device, deviceTypeID: devicetype, deviceModelID: devicemodel },
    success: function (result) {
        // when the AJAX succeeds refresh the device model drop down holder
        $('#attributes').html(result);
    }
});
</code></pre>
<p>I was trying to find a way to stop users from going directly to my partial view ActionResults such as this one:</p>
<pre><code>public ActionResult GetDeviceModelList(int deviceTypeID)
{
    var model = new EditDeviceViewModel();
    // Single() throws if no device type has this ID
    var deviceType = _db.DeviceTypes.Single(t =&gt; t.ID == deviceTypeID);
    model.DeviceModelList = new SelectList(
        _db.DeviceModels.Where(m =&gt; m.DeviceType.ID == deviceType.ID), "ID", "Model");
    return PartialView("_DeviceModelListPartial", model);
}
</code></pre>
<p>I stumbled upon <a href="https://stackoverflow.com/questions/3316316/is-it-i-possible-to-prevent-certain-partialviews-from-being-served-if-requested-d/3316545#3316545">this answer</a> to simply make the action <code>private</code>. I gave it a try and it seems to work, however I feel uneasy about doing that, not knowing what other side effects might happen.</p>
<p>So my questions are:</p>
<ul>
<li>Is setting actions to <code>private</code> a sensible thing to do?</li>
<li>What other side effects might occur from doing this?</li>
<li>How about actions that are only available through a <code>POST</code>?</li>
</ul>
<p><strong>NB:</strong> Most of the partial action result functions are <code>[HttpPost]</code> so I don't believe they are accessible anyway.</p>
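<p>An added example, not part of the original post: one way to keep partial-view actions public but unreachable by plain navigation, using an action selector and the built-in <code>[ChildActionOnly]</code>, with <code>[Authorize]</code> as the actual access control. <code>AjaxOnlyAttribute</code>, <code>DeviceController</code>, <code>DeviceSummary</code>, <code>_DeviceSummaryPartial</code> and the in-memory data are assumptions made for illustration.</p>

```csharp
using System.Collections.Generic;
using System.Reflection;
using System.Web.Mvc;

// Hypothetical selector (not a built-in MVC attribute): the action only matches
// requests sent with X-Requested-With: XMLHttpRequest, which jQuery's $.ajax adds.
// A plain browser navigation finds no matching action and gets a 404.
public sealed class AjaxOnlyAttribute : ActionMethodSelectorAttribute
{
    public override bool IsValidForRequest(ControllerContext controllerContext,
                                           MethodInfo methodInfo)
    {
        return controllerContext.HttpContext.Request.IsAjaxRequest();
    }
}

[Authorize] // the real access control: header and verb are chosen by the client
public class DeviceController : Controller // controller name is an assumption
{
    // Constructed sample data standing in for the page's _db context.
    private static readonly Dictionary<int, string[]> ModelsByType =
        new Dictionary<int, string[]>
        {
            { 1, new[] { "Model A", "Model B" } },
            { 2, new[] { "Model C" } }
        };

    // Stays public so routing can reach it from the AJAX call.
    [HttpPost, AjaxOnly]
    public ActionResult GetDeviceModelList(int deviceTypeID)
    {
        string[] models;
        if (!ModelsByType.TryGetValue(deviceTypeID, out models))
            return HttpNotFound(); // unknown id: 404 instead of an exception
        return PartialView("_DeviceModelListPartial", new SelectList(models));
    }

    // For partials rendered server-side with @Html.Action("DeviceSummary"):
    // the framework refuses to run this action for a direct request.
    [ChildActionOnly]
    public ActionResult DeviceSummary(int deviceTypeID)
    {
        string[] models;
        ModelsByType.TryGetValue(deviceTypeID, out models);
        return PartialView("_DeviceSummaryPartial", (models ?? new string[0]).Length);
    }
}
```

<p>The selector and <code>[HttpPost]</code> only filter out ordinary navigation; any data the partial returns is protected by <code>[Authorize]</code> and per-record checks, not by the verb or header.</p>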
 
