All ASP.NET MVC Forms Need To Include Html.AntiForgeryToken() For Security


Having recently been implementing many new form pages in ASP.NET MVC, I’ve found myself over and over again adding the following two things to every form:

1. After Html.BeginForm(), I put @Html.AntiForgeryToken()
2. I add the attribute [ValidateAntiForgeryToken] to every POST action method

Before I was doing so much ASP.NET MVC, I would often see in Channel 9 videos the presenter add the AntiForgeryToken() after the BeginForm() method on the cshtml Razor page and say something like “you should always add this”. I never saw them say “and don’t forget to add the attribute ValidateAntiForgeryToken to the controller POST method.” Just to be clear, below is what I’m talking about: What this does is to make sure that the trusted … Continue Reading

Collecting Form Post Parameters in a WebAPI Controller


There are lots of ways, using ASP.NET MVC4, to collect passed-in form parameters (POST) in a WebAPI controller. I’m not wanting to create a Model, I’m not wanting to get involved with dynamic variables, I just want the values that are posted in. Say, for example, my post looks like the following: To capture both sessionId and trackId, I can have a WebAPI controller in Visual Studio that looks just like this:

    namespace WebAPI.Api
    {
        public class SessionRpcController : ApiController
        {
            [HttpPost]
            [ActionName("UpdateSessionTrack")]
            [Authorize(Roles = "admin")]
            public HttpResponseMessage PostUpdateSessionTrack(FormDataCollection formDataCollection) … Continue Reading

How to Disable Edit/Insert/New Buttons in DetailsView or GridView (ASP.NET 2.0+)

So, this is kind of embarrassing that it took me a while to figure this out. I have not been doing pure ASP.NET server control programming for a while, but I figure since it took me a while, maybe there is someone else in the same boat. So, you have a GridView or DetailsView that has standard “Edit”, “Update”, “New” type command buttons on it. The way they get there is by having a declaration something like this: … Continue Reading

Bravo for ORCSWeb! On so many fronts

Many of you know of ORCSWeb either by reputation or by way of Scott Forsyth, one of my ASP.NET MVP brothers. In case you don’t, they are a managed hosting solutions company specializing in Microsoft technologies. I’ve used their basic services for quite a while and have always been very happy. It has always seemed that anytime I’ve called them (and it always seems like the middle of the night) one of their tech support staff is available to help me, and go the extra mile if necessary. The company I’m now working at is small and we don’t have a lot of resources to maintain hardware and do operating-system-type support. We do have a high load requirement, so we need a very robust, supported solution. … Continue Reading
