Hi,
For a view that will be submitted I have two actions with the same name, but one of them has this attribute:
[AcceptVerbs(HttpVerbs.Post)]
In the nonPost action I usually make some validations where the User will be redirected to another action if it's not correct, for example validating that the current object in edit is able to be changed.
Is it true that I need to make the exact same validations in the post Action to be sure that the page is not hacked with some sort of custom post?
If so, how do you usually handle this? I do know about AuthorizeAttribute but the validations I need to do are specific for this action.
Every controller action that modifies some state on the server and which requires authorization must perform this authorization.
Then write a specific Authorize attribute for those 2 actions (as apparently you have the same authorization logic for the 2 actions).
But there’s something weird about your description. You said that if authorization fails in the GET action you redirect. But when you redirect you obviously cannot invoke the POST action because redirect means GET.
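A sketch of the approach suggested in the answer, added here as an illustration and not code from either poster: one authorization filter applied to both the GET and the POST `Edit` actions, so the "can this object be changed" check also runs for a hand-crafted POST. `Document`, `DocumentStore`, `RequireEditableDocumentAttribute`, the `id` route value and the redirect target are hypothetical names assumed for the example.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical domain object and in-memory store, constructed for this example.
public class Document { public int Id; public bool IsLocked; }

public static class DocumentStore
{
    static readonly Dictionary<int, Document> Items = new Dictionary<int, Document>
    {
        { 1, new Document { Id = 1, IsLocked = false } },
        { 2, new Document { Id = 2, IsLocked = true } }
    };
    public static Document Find(int id)
    {
        Document d;
        return Items.TryGetValue(id, out d) ? d : null;
    }
}

// Authorization filters run before the action for every HTTP verb.
public class RequireEditableDocumentAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // Assumes the default {controller}/{action}/{id} route supplies "id".
        int id;
        object raw = filterContext.RouteData.Values["id"];
        Document doc = (raw != null && int.TryParse(raw.ToString(), out id))
            ? DocumentStore.Find(id) : null;
        if (doc == null || doc.IsLocked)
        {
            // Setting Result short-circuits the request: the action body never runs.
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "Home", action = "Index" }));
        }
    }
}

public class DocumentsController : Controller
{
    [RequireEditableDocument]
    public ActionResult Edit(int id) { return View(DocumentStore.Find(id)); }

    [AcceptVerbs(HttpVerbs.Post), RequireEditableDocument]
    public ActionResult Edit(int id, FormCollection form)
    {
        // The state change belongs here; it is reached only after the filter has passed.
        return RedirectToAction("Edit", new { id = id });
    }
}
```

Because the check lives in the filter, a redirect issued on the GET is never what protects the POST: each request is evaluated on its own.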