c# - 防止用户直接调用操作方法(Prevent the user from calling action method directly)

Question

I have 3 View like this:

(我有3个这样的View ：)

  public ActionResult Index()
    {
         return View();
    }

    public ActionResult Step2()
    {

         return View();
    }
    public ActionResult Step3()
    {
         return View();
    }        

And 3 HttpPost Actions

(和3个HttpPost动作)

    //Step 1
    [HttpPost]
    [ValidateAntiForgeryToken]
    public JsonResult Index(string number){}
    //Step 2
    [HttpPost]
    [ValidateAntiForgeryToken]
    public JsonResult Step2(string number){}
    //Step 3
    [HttpPost]
    [ValidateAntiForgeryToken]
    public JsonResult Step3(string number){}

For each HttpPost Action Method I have created a HTML Form and I want that the user submits each form step by step ( step 1 -> step 2 -> step 3 )

(我为每个HttpPost Action Method创建了一个HTML Form ，我希望用户逐步提交每个表单（ step 1 > step 2 > step 3 ）)

Everything is OK but I do not want users can go to redirect domain/controller/step2 or domain/controller/step3 .

(一切正常，但是我不希望用户可以重定向domain/controller/step2或domain/controller/step3 。)

I mean, user must follow my router step 1 -> step 2 -> step3

(我的意思是，用户必须按照我的路由器step 1 - > step 2 - > step3)

  ask by Alex translate from so

Answer 1

There are ways to solve your issue.

(有多种方法可以解决您的问题。)

One way to achieve this is by using TempData before your redirect command and check the TempData value in your HttpGet Action Method .

(实现此目的的一种方法是在重定向命令之前使用TempData并检查HttpGet Action Method的TempData值。)

For example for your Step 2 check you can do this:

(例如，对于您的第2步检查，您可以执行以下操作：)

[HttpPost]
    [ValidateAntiForgeryToken]
    public JsonResult Index(string number)
    {
        //your business code 

        TempData["FirstStepDone"] = true;

        // return RedirectTo()
    }

    public ActionResult Step2()
    {
        if (TempData["FirstStepDone"] == null)
            //return error

        return View();
    }