Return Current View From Different Controller (MVC Log On Control)

Question

5.00/5 (1 vote)

See more:

I have a simple view (Home/Index.cshtml):

ASP.NET

@{
  Layout = null;
}

<!DOCTYPE html>
<html>
<head>
  <title>Test Log On</title>
</head>
<body>
  <div id="logon">
    @Html.Partial("_LogOnPartial")
  </div>
  <div id="main">
    Hello
  </div>
</body>
</html>

It is rendering a partial view (_LogOnPartial.cshtml):

ASP.NET

@using (Html.BeginForm("LogOn", "Account", FormMethod.Post))
{
  <!-- ...fields omitted for simplicity... -->
  <input type="submit" value="Log On" />
}

That partial view is posting back to an action method on a different controller (AccountController.cs):

C#

public class AccountController : Controller
{
  [HttpPost]
  public ActionResult LogOn()
  {
    // ...login logic omitted for simplicity...
    return Redirect(Request.UrlReferrer.PathAndQuery);
  }
}

You'll note that it is just returning a redirect. I'm thinking there must be a better way (e.g., return a view), as this loses all the model data (which would be useful to keep if the log on fails). I could pass around the path to the view, but I don't want the client having access to that data (and using session to pass that around seems clunky)... seems like it might expose my website to some vulnerabilities.

What I'm thinking is that there might be a way to determine the default view based on the referrer URL. So if I pass in "/Home/Index" or "/Home" or "/" or "/SomeOtherValidRoute" to a function, it will return the "~/Views/Home/Index.cshtml" view.

Do you know of a function like that, or am I going about this the wrong way? In ASP.NET Web Forms this would just be a simple user control, but I'm having trouble figuring this out in ASP.NET MVC.

Posted 13-May-12 0:54am

AspDotNetDev

Add a Solution

Comments

AspDotNetDev 13-May-12 7:03am

I guess you could say I'm after a referrer view. And note that this partial view isn't being used by only one view... it's being used by essentially all views (I simplified my example).

AspDotNetDev 13-May-12 7:07am

Another possibility I'm considering is using AJAX, but I'm curious if there are other workable solutions.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Keith Barrow · Answer 1 · 2012-05-14T12:30:00

A semi Partial Answer (1am & I can't go into details :), but I've answered your post in the Lounge and I can help you here).

"You'll note that it is just returning a redirect." That's the first problem, you should only re-direct if the login is a success.

"as this loses all the model data (which would be useful to keep if the log on fails)" If the login fails you should return a view with the "failure" information in (I'm guessing the form you have, with the username filled in (the password blanked and a message "Your login fooed for some reason" type thing). I'm not sure what else you'd want to keep this information for. Without persisting it at the server via session or a proper backing store, you're going to have the same problems that you'd have with ASP.NET: there is no way to send the information safely to the client without encryption (even ViewState can be read). This is *partially* an example of what I was alluding to in The Lounge about ASP.NET forms hiding stuff from you and it not always being a good thing.

What I'm thinking is that there might be a way to determine the default view based on the referrer URL. So if I pass in "/Home/Index" or "/Home" or "/" or "/SomeOtherValidRoute" to a function, it will return the "~/Views/Home/Index.cshtml" view. There is a way to achieve this and you are close to the mark. If you want to see a full solution, I suggest you create a new MVC3 application but select "Internet". It creates a login form for you, secured against (unconfigured) Authentication/Authorisation providers. You can secure it against the providers as you would for ASP.NET. Let's say you've two secured action methods corresponding to /home/index and /foo/bar. It is important to secure these with the Authorize attribute[^] as there may be more than one way to access these methods, the ASP.NET location in web config is not sufficient.

Anyway, having done this, if you try and navigate to /home/index you'll get the login page and the Query string posted back to the server will have /home/index as the target. The default Login action method (similar to the one you have) will then transfer to the target as supplied by the login form in the query string. That way, if navigating to /foo/bar and logging in it will re-direct there instead.

This isn't the only way to skin this problem, but it should get you started.

Let me know if you need any more help, I'll try to remember to see if you've replied in the morning sorry I can't provide code at the moment!

TheGreatAndPowerfulOz · Answer 2 · 2012-05-14T12:05:00

Solution 1

Have you tried using Html.Action("action", "controller", parameters) (or Html.RenderAction())?

Posted 14-May-12 12:05pm

TheGreatAndPowerfulOz

Comments

AspDotNetDev 14-May-12 18:16pm

I assumed that basically chooses the view for me by calling that action, which seems a lot like Html.Partial/RenderPartial. I don't see how it'd allow me to provide a postback which calls the LogOn action method on the AccountController without changing the URL. Though maybe I don't understand it fully. Could you update your answer to show a full example? I will also try to play around with this when I get home from work.