0

I have an ASP.NET MVC web application.

There's a welcome page in my application, and I wish for the user to complete some steps on that page before allowing him to use the application.

I'm trying to accomplish 2 things:

  1. Ensure that the user is always redirected to that page until he completes the required steps. Note: the user is logged in when he is at the welcome page.

  2. Ignore all requests made by that user to any of the controllers, except for a few specific requests to a specific controller.

What is the correct way to do the above?

Thanks.

4 Answers

1

What I have done is:

  1. Create a class that derives from Controller and add the logic to redirect if not Logged in:

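    using System.Web.Mvc;
    using System.Web.Routing;

    public class CustomController : Controller
    {
        // Placeholder so the class compiles; replace with your own check.
        protected virtual bool LoggedIn
        {
            get { return Request.IsAuthenticated; }
        }

        // Runs before every action on controllers that derive from this class.
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (!LoggedIn) //Here you decide how to check if the user is Logged in
            {
                // Setting Result short-circuits the action and redirects instead.
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                {
                    controller = "YourLogInControllerName",
                    action = "YourLoginActionName"
                }));
            }
            else
            {
                base.OnActionExecuting(filterContext);
            }
        }
    }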
    
  2. Then all Controllers derive from this CustomController class.


2 Comments

I think this is what I want to do for my project, but a few questions. What would be contained in filterContext? What if only some of my actions in a controller I want to be authenticated? (Maybe about and Contact Us don't need to be authorized?) Where can I get more info for this pattern?

filterContext is autopopulated by the application. string originAction = filterContext.RouteData.Values["action"].ToString(); could give you the action so you could check that.

0

Sounds like you could use the session for that, or other (more persistent) storage if you must make sure the visitors finish these 'required steps', so you can store it when they've finished them.

0

I created a custom authorise attribute that redirected the user to my login page if they didn't meet the criteria I set. This then allowed me to use [AuthorizeAdminArea] on my base controller which stopped access to all areas. I then used [AllowAnonymous] to allow access to the login area.

Take a look at the SimpleMembershipProvider

0

Use a Role and only allow access to the other controllers if the user has this Role. Add the user to this Role when they have completed the necessary steps.

See http://msdn.microsoft.com/en-us/library/9ab2fxh0.aspx
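
The custom authorize attribute and role suggestions from the answers above can be combined into one globally registered filter that denies everything except a small allowlist until the steps are done. This is an added example, not code from the thread; it assumes ASP.NET MVC 5 (System.Web.Mvc), and the role name "OnboardingComplete" and the controller/action names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Routing;

// Register once in FilterConfig: filters.Add(new RequireOnboardingAttribute());
// As a global AuthorizeAttribute it also requires login everywhere except [AllowAnonymous].
public class RequireOnboardingAttribute : AuthorizeAttribute
{
    private const string CompletedRole = "OnboardingComplete"; // assumed role name

    // Deny by default: the only endpoints reachable before the steps are done.
    // Controller/action names here are assumptions for illustration.
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "Welcome/Index", "Welcome/SaveStep", "Welcome/Finish", "Account/LogOff"
        };

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);   // normal login / [AllowAnonymous] handling

        var user = filterContext.HttpContext.User;
        if (filterContext.Result != null || user == null || !user.Identity.IsAuthenticated)
            return;                            // already rejected, or anonymous on an allowed action

        // Child actions render inside a parent request that was already checked,
        // and they are not allowed to issue redirects.
        if (filterContext.IsChildAction) return;

        if (user.IsInRole(CompletedRole)) return;

        var action = filterContext.ActionDescriptor;
        string key = action.ControllerDescriptor.ControllerName + "/" + action.ActionName;
        if (Allowed.Contains(key)) return;

        if (filterContext.HttpContext.Request.IsAjaxRequest())
            filterContext.Result = new HttpStatusCodeResult(403); // no redirect for XHR callers
        else
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
            {
                { "controller", "Welcome" }, { "action", "Index" }
            });
    }
}
```

Because the check runs server-side on every request, a user who types a URL directly or replays a form post is still sent back to the welcome page until the role is granted.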
