Form Access Control

[Anwar Robertson]

How can I prevent an ASP.Net webpage from being accessed outside of the
[pagemethod] attributes... for example... I put some logic into the
[pagemethod]s that does some preprocessing on the form... such as
loading combo boxes and such... How can I prevent this form from being
called using normal conventions... such as a regular call to that
page... Is there any logic where I can say... unless it came through a
PageMethod... redirect to an invalid request page or something...

[emission]

There is no obvious and foolproof way to do this. PageMethods only
produces a URL, so there is no such thing as "came through a
PageMethod".

What you can do is check the return value of
PageMethodsEngine.InvokeMethod. If it's false, none of the defined
pagemethods matched the provided url, and you are free to handle this
error in any way you see fit.

[Fabrice Marguerie]

emission provided the right answer.
You should test the result of the call to
PageMethodsEngine.InvokeMethod.
This is what is done in MetaSapiens.PageMethods.BasePage

Here is the code executed in BasePage.OnLoad:

if (!IsPostBack)
if (!PageMethodsEngine.InvokeMethod(this, _HandleDefaultMethod))
throw new PageMethodsException("Bad web page invocation. Check the
URL parameters.");

You can either inherit from BasePage or use similar code to reject call
that do not result in PageMethods invocations.

You can get more information in the FAQ
(http://metasapiens.com/PageMethods/faq/). Look at the following
question: "I have this page with page methods, can I refer to it
without any parameter on the URL? Is the PageMethod parameter mandatory
in URLs?"

Fabrice