Common Pattern in ASP.NET Razor For Clean cshtml Pages

I’ve been doing a lot of work over the past year in Microsoft’s ASP.NET Razor.  I’m not an html wizard and definitely a razor syntax wizard, but I have figured out a way that saves me time over and over.  It’s basically the same pattern of thinking that has me often do things in 2 or 3 steps instead of one just to make sure the logic is overly clear. In this case, I often find myself trying to create complex Razor syntax to output data.  That is, say I want to output a link that combines a static URL with a dynamic one coming from a model.  My first work is almost always trying to do it all at once and I’m guessing at least someone is going to tell me how I could have done.  That is, I want something like (in non-working … Continue Reading

With jQuery and ASP.NET MVC Almost Radio Buttons

image.png

The Silicon Valley Code Camp web site used jQuery to do a lot of the page markup manipulation.  Behind the scenes of course is ASP.NET MVC5 which has a lot of helper methods for things like Check Boxes and Radio Buttons.  General purpose methods are nice (until they are not).  I’m building a more sophisticated “Opt-Out” for the code camp site and have created a choice where the user can say they want “All Emails” or “Critical Emails”.  I did not want to have a third choice for “No Emails” since say they don’t want all and they don’t want critical implies they don’t want any.  Also, it does not make sense for the user to say they want both “All” and “Critical”. It’s a one or another, just like radio buttons. Since I could not use … Continue Reading

All ASP.NET MVC Forms Need To Include Html.AntiForgeryToken() For Security

image.png

Having recently been implementing many new form pages in ASP.NET MVC, I’ve found myself over and over again adding the following two things to every form. After Html.BeginForm() I Put @Html.AntiForgeryToken() Add the Attribute [ValidateAntiForgeryToken] To Every Post Action Method Before I was doing so much ASP.NET MVC, I would often see in Channel 9 videos, the presenter add the AntiForgeryToken() after the BeginForm() method on the cshtml razor page and say something like “you should always add this”.  I never saw them say “and don’t forget to add the attribute ValidateAntiForgeryToken to the controller POST method. Just to be clear, below is what I’m talking about: What this does is to make sure that the trusted … Continue Reading

Safely Encoding Strings On ASP.NET MVC Razor Pages (sometimes)

  Background Sometimes, we want to let html tags come through our web pages from user defined content.  If for example, you have a workflow that requires approval before publishing, there are times when you want to let the author put through html, links, etc.  Solution In Visual Studio write a simple HtmlHelper method that allows for a flag you can pass through.  In my case, I have a database table with a boolean column “allowhtml”.  If this is set, then instead of using Html.Raw(…) I can use my own helper method, pass in the allowHtml value and if it is set true, then allow the not encoded Html to flow through. Here is that helper method: namespace WebAPI.Code.Helpers { public static class … Continue Reading

Follow

Get every new post delivered to your Inbox

Join other followers: