Article Categories
- All Categories
-
Data Structure
-
Networking
-
RDBMS
-
Operating System
-
Java
-
MS Excel
-
iOS
-
HTML
-
CSS
-
Android
-
Python
-
C Programming
-
C++
-
C#
-
MongoDB
-
MySQL
-
Javascript
-
PHP
-
Economics & Finance
What is the significance of NonActionAttribute in ASP .Net MVC C#?
The NonAction attribute in ASP.NET MVC is used to prevent public methods in a controller from being treated as action methods. By default, all public methods in an MVC controller are accessible via URL routing. The NonAction attribute allows you to keep methods public (for internal use within the controller or class hierarchy) while blocking direct HTTP access.
Syntax
Following is the syntax for applying the NonAction attribute −
[NonAction]
public ReturnType MethodName() {
// method implementation
}
Why Use NonAction Attribute
In ASP.NET MVC, the framework automatically treats all public methods in controllers as action methods that can be invoked via HTTP requests. However, you might need public methods for −
-
Helper methods used internally by other action methods
-
Utility functions that should not be directly accessible via URLs
-
Methods called by derived classes in inheritance scenarios
Example Without NonAction Attribute
In this example, both methods are accessible via URL requests −
using System.Web.Mvc;
namespace DemoMvcApplication.Controllers {
public class HomeController : Controller {
public string MyMethod1() {
return "<h1>My Method 1 Invoked</h1>";
}
public string MyMethod2() {
return "<h1>My Method 2 Invoked</h1>";
}
}
}
Both methods can be accessed via URLs −
-
http://localhost:59146/Home/MyMethod1
-
http://localhost:59146/Home/MyMethod2
Example With NonAction Attribute
Here we apply [NonAction] to prevent MyMethod2 from being accessible via HTTP requests −
using System.Web.Mvc;
namespace DemoMvcApplication.Controllers {
public class HomeController : Controller {
public ActionResult Index() {
string result = MyMethod1() + "<br>" + MyMethod2();
return Content(result);
}
public string MyMethod1() {
return "<h2>My Method 1 Invoked via URL</h2>";
}
[NonAction]
public string MyMethod2() {
return "<h2>My Method 2 - Internal Helper Method</h2>";
}
}
}
Now MyMethod2 cannot be accessed directly via URL. Attempting to access http://localhost:59146/Home/MyMethod2 will result in a "The resource cannot be found" error. However, MyMethod2 can still be called internally by other methods within the controller.
Common Use Cases
Helper Methods for Data Processing
using System.Web.Mvc;
namespace DemoMvcApplication.Controllers {
public class ProductController : Controller {
public ActionResult GetProducts() {
var products = FetchProductsFromDatabase();
var processedData = ProcessProductData(products);
return View(processedData);
}
[NonAction]
public string[] FetchProductsFromDatabase() {
return new string[] { "Product1", "Product2", "Product3" };
}
[NonAction]
public string ProcessProductData(string[] products) {
return string.Join(", ", products);
}
}
}
In this example, FetchProductsFromDatabase and ProcessProductData are helper methods that should not be directly accessible via URLs but are needed by the GetProducts action method.
Comparison
| Without NonAction | With NonAction |
|---|---|
| All public methods are action methods | Only public methods without [NonAction] are action methods |
| Accessible via URL routing | Not accessible via HTTP requests |
| Can be invoked directly from browser | Can only be called internally |
| Potential security risk if not intended | Provides controlled access to methods |
Conclusion
The NonAction attribute is essential for maintaining clean separation between publicly accessible action methods and internal helper methods in ASP.NET MVC controllers. It provides security by preventing unintended HTTP access while keeping methods accessible for internal use within the controller class.
4K+ Views
