Introduction
In ASP.NET MVC / ASP.NET Core MVC, handling user requests correctly is crucial for building secure, maintainable, and scalable applications. One of the most fundamental concepts in MVC is the use of HTTP verbs, especially GET and POST, implemented using the attributes [HttpGet] and [HttpPost].
This article explains why we use [HttpGet] and [HttpPost], their purpose, and how to use the same action name safely with a real-time example from a typical business application.
What Are HTTP Verbs?
HTTP verbs define what type of operation the client wants to perform.
| Verb | Purpose |
|---|
| GET | Retrieve data / load a page |
| POST | Send data to the server |
ASP.NET MVC uses these verbs to decide which controller action should handle a request.
Why [HttpGet] and [HttpPost] Are Needed
Without these attributes:
ASP.NET cannot clearly decide which action to execute
Runtime Ambiguous Action errors may occur
Security vulnerabilities may be introduced
By explicitly defining HTTP verbs, we:
Core Rule (Very Important)
The same action name is allowed when HTTP verbs are different.
This means:
ASP.NET selects the action based on the HTTP method automatically.
Real-Time Scenario: Add New Client Module
Business Requirement
An admin wants to:
Open the Add New Client page
Enter client details
Save the client to the database
This is a very common real-world scenario.
Step 1: Load the Page (GET Request)
When the user opens the page:
/Admin/AddNewClientList
The browser sends an HTTP GET request.
Controller Code
[HttpGet]
public IActionResult AddNewClientList()
{
return View();
}
Purpose of [HttpGet]
Step 2: Submit the Form (POST Request)
When the user clicks Save, the browser sends a POST request with form data.
Controller Code
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult AddNewClientList(AddNewClient model)
{
if (!ModelState.IsValid)
return View(model);
// Save data to database
return RedirectToAction("ClientList");
}
Purpose of [HttpPost]
Why the Same Method Name Is Used
Using the same method name improves:
Both methods represent the same feature, but different stages.
AddNewClientList() // Load form (GET)
AddNewClientList(model) // Process form (POST)
How ASP.NET Decides Which Method to Call
ASP.NET uses the following decision order:
URL
Controller
Action name
HTTP verb
That’s why [HttpGet] and [HttpPost] are mandatory when method names are the same.
What Happens If You Don’t Use Them?
Same Name Without Attributes
public IActionResult AddNewClientList()
public IActionResult AddNewClientList(AddNewClient model)
Result:
AmbiguousActionException
Two GET Methods With Same Name
[HttpGet]
public IActionResult AddNewClientList()
[HttpGet]
public IActionResult AddNewClientList(int id)
Result:
Runtime routing conflict
Why GET Is Not Used for Saving Data
Problems:
Data appears in URL
Security risks
Limited data length
Easy data tampering
Example (BAD):
/AddClient?name=Ravi&pan=ABCDE1234F
Why POST Is Not Used for Page Load
Problems:
Post → Redirect → Get (PRG Pattern)
After a successful POST, always redirect:
return RedirectToAction("ClientList");
Benefits:
Best Practices
Always pair GET and POST actions
Use [ValidateAntiForgeryToken] with POST
Never modify data in GET
Keep business logic out of controllers
Conclusion
Using [HttpGet] and [HttpPost] correctly is essential in ASP.NET MVC. They allow the same action name to handle different stages of a request safely and efficiently. By following this pattern, developers can build clean, secure, and professional applications that work reliably in real-world scenarios.