How to Reject Get method when QueryString is passed

Question

In MVC application My Current Route Config is:

routes.MapRoute(
    "PaymentInformation",
    "PaymentInformation.aspx/{resNum}",
    new { controller = "Reservation", action = "Edit", resNum = UrlParameter.Optional }
);

It calls below mentioned method when we hit this Url: https://www.example.com/PaymentInformation.aspx

HttpGet]
[ValidateRequest(true)]
public ActionResult Edit(string resNum)
{
    ReservationPresenter reservationPresenter = new ReservationPresenter();
    return View(reservationPresenter);
}

What I want is that when Querystring is passed (in GET Method) then the same above method/Action above should not be called and I just want to Show a Message.

The URL with Querystring should be like this: https://www.example.com/PaymentInformation.aspx?xyz

Can please anyone suggest me what will be MapRoute in Route Config.

In breif what we want is that Any request with sensitive information sent over a GET method should be rejected by the application.

Answer 1

I don't think this is the way you should go, but if it's really what you want, try the following:

1) Create a IRouteConstraint class and implement it, something like this:

public class NonQueryStringRouteConstraint : IRouteConstraint {
    public bool Match(HttpContextBase httpContext, Route route, string parameterName, RouteValueDictionary values, RouteDirection routeDirection) {
        return httpContext.Request.QueryString.Count == 0;
    }
}

2) Add the constraint to the route:

routes.MapRoute(
    "PaymentInformation",
    "PaymentInformation.aspx/{resNum}",
    new { controller = "Reservation", action = "Edit", resNum = UrlParameter.Optional },
    new { resNum = new NonQueryStringRouteConstraint() }
);

Mind you though, the NonQueryStringRouteConstraint will also be executed when generating URL's, so you might want to check the routeDirection parameter if necessary.