Home/ Questions/Q 7567257
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T14:37:16+00:00

I’m currently reading a book about ASP.NET MVC3 to learn working with this framework.

  • 0

I’m currently reading a book about ASP.NET MVC3 to learn working with this framework. The concept of partial views is explained and altough it’s an easy concept, I have a small question with it.

This razor code is added to the view:

@{ Html.RenderAction("Summary", "Cart"); }

This calls the Summary()-method on the CartController. The problem is: as a user, I can call this method via a HTTP request (GET/POST,…) what shouldn’t be possible.

I know there are attributes like [HttpPost] and [HttpGet] to permit only certain sorts of HTTP requests, but is there also an attribute to prevent these? Also, where can I find a list of available attributes?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you have a partial view, you are right that it has to be a public method but it should not be addressable on its own. to achive this you can decorate the action method with the [ChildActionOnly]

    See this for details

    http://msdn.microsoft.com/en-us/library/system.web.mvc.childactiononlyattribute.aspx

    And for a list of similar attributes:

    http://msdn.microsoft.com/en-us/library/system.web.mvc.filterattribute.aspx

    • 0