All ASP.NET MVC Forms Need To Include Html.AntiForgeryToken() For Security


Having recently been implementing many new form pages in ASP.NET MVC, I’ve found myself over and over again adding the following two things to every form.

- After Html.BeginForm() I Put @Html.AntiForgeryToken()
- Add the Attribute [ValidateAntiForgeryToken] To Every Post Action Method

Before I was doing so much ASP.NET MVC, I would often see in Channel 9 videos, the presenter add the AntiForgeryToken() after the BeginForm() method on the cshtml razor page and say something like “you should always add this”. I never saw them say “and don’t forget to add the attribute ValidateAntiForgeryToken to the controller POST method.”

Just to be clear, below is what I’m talking about:

What this does is to make sure that the trusted … Continue Reading

Collection Form Post Parameters in WebAPI Controller


There are lots of ways using ASP.NET MVC4 to collect passed in form parameters (POST) to the WebAPI Controller. I’m not wanting to create a Model, I’m not wanting to get involved with dynamic variables, I just want the values that are posted in. Say for example, my post looks like the following:

To capture both sessionId and trackId, I can have a WebAPI controller in Visual Studio that looks just like this:

    namespace WebAPI.Api{
        public class SessionRpcController : ApiController
        {
            [HttpPost]
            [ActionName("UpdateSessionTrack")]
            [Authorize(Roles = "admin")]
            public HttpResponseMessage PostUpdateSessionTrack(
                FormDataCollection formDataCollection)

… Continue Reading

Converting ASP.NET WSP (Web Site Projects) to WAP (Web Application Projects) with VS2012


Background

There are quite a few articles written on the differences between WSP’s and WAP’s. In this article, I will not go into the details but just give you some clean mechanics necessary for converting pages using Visual Studio 2012. Some of those articles are listed below.

http://mitchelsellers.com/blogs/2008/01/02/wap-or-wsp-which-to-use-and-why.aspx
http://vishaljoshi.blogspot.com/2009/08/web-application-project-vs-web-site.html
http://aspnetresources.com/blog/web_site_vs_web_application_project_wap

When I was new to Visual Studio, I did choose WSP projects because it seemed easier. Now that I’ve done quite a bit more with ASP.NET, I much prefer WAP projects. Actually, I hate WSP projects primarily … Continue Reading

Using Fiddler To Replay an AJAX (xmlhttp) Request


The Problem

I used to spend a lot of time writing throwaway JavaScript code to test AJAX (XMLHttpRequest or Asynchronous JavaScript and XML) type requests to my hosted web services. That is, on my ASP.NET server, I have services that look like the following (Microsoft ASP.NET MVC projects):

    [HttpPost]
    [NoCache]
    public JsonResult GetEmailByPerson(long addressBookEntryId, string existingEmailDetailIds, int? start, int? limit, bool? emailNotViewed = null, bool? emailNotDeleted = null, bool? forceDataToHtmlBody = false)
    {
        Utils.AuthorityLevel userAuthorityLevel = Utils.GetUserAuthorityLevel();
        if (userAuthorityLevel == Utils.AuthorityLevel.None)
        {
            return Json(new { Message =

… Continue Reading
