Use of NonActionAttribute in MVC
Public non-action methods in ASP.NET MVC controllers are source of problems because they can be called by user when not handled carefully. Same time you may need public methods on controllers for some other reasons (some UI framework, testability problems, things you cannot change etc). In this posting I will show you how to handle controller methods properly.
for example, in a controller you will have a ActionResult Index
public ActionResult Index()
{
ViewBag.Message = "Welcome to ASP.NET MVC!";
return View();
}
and a public method for doing some action internally
public void Internalmethod() {
Response.Write("doing some internal process");
Response.End();
}
But in normal case from front-end User can access both method because in MVC every method inside Controller treated as ActionResult.
eg: you can call the Internalmethod() like http://localhost:2234/Home/Internalmethod it will render that page
in order to avoid this issue we can use NonActionAttribute to notify MVC framework that given controller method is not action
[NonAction]
public void Internalmethod() {
Response.Write("doing some internal process");
Response.End();
}
Now when we try to run Internalmethod() over URL we get the error 404 as response to request.