How To Mitigate XSRF For MVC Ajax.ActionLink Requests

Jan 2, 2010

I have many Ajax.ActionLink's on my ASP.NET MVC (v1) page that perform destructive operations. This is "legal" because I set HttpMethod to DELETE in this case so it's not a destructive GET.

My question though is how to mitigate XSRF attacks on this operation so that other sites cannot craft this same Ajax DELETE request to delete user data from another site. This ActionLink does appear within a form that includes <%= Html.AntiForgeryToken() %> but since ActionLinks don't post the form, the anti-forgery token doesn't go to the controller, so it can't validate it.

View 2 Replies


Similar Messages:

Security :: Mitigate The XSS / HTMLEncode And HTMLDecode?

Oct 6, 2010

Trying to protect against XSS on a CMS I'm working and I therefore encode all necessary client input but on retrieval from DB, I'm getting all these funny HTML characters displayed on the HTML Page as a result of the encoding.

I'm considering appending a decode on retrieval but I'm wondering what the point of the inital encoding is if I decode eventually.

Please how do I effectively mitigate the XSS issue using the encode/decode avenue.

View 3 Replies

Selectively Redirecting HTTP Requests To HTTPS Requests?

Jun 18, 2010

What's the simplest and most effective way to selectively redirect HTTP requests to your ASP.NET page to its HTTPS equivalent? For example, if my page site URL is [URL], I want to redirect some (or all) page requests to [URL] What's the easiest way to do that?

View 2 Replies

MVC :: 3 - Ajax.actionlink Does Not Work

Mar 2, 2011

i have an application mvc3, created a link with ajax but confirm property does not works.

index.cshtml is
@{
View.Title = "Home Page";
}
@section Header{
<script src="../../Scripts/MicrosoftAjax.debug.js" type="text/javascript"></script>
<script src="../../Scripts/MicrosoftMvcAjax.debug.js" type="text/javascript"></script>
}
<h2>@View.Message</h2>
@Ajax.ActionLink(
"Delete Product",
"Delete",
new { id = 1 },
new AjaxOptions { HttpMethod = "DELETE", Confirm = "Are you sure?" }
)

and home controller delete action

public ActionResult Delete(int id)
{
return View();
}

but directly does delete page. how can i confirm box show?

View 6 Replies

C# - Ajax Actionlink Redirecting Instead Of Updating Tag?

Feb 23, 2011

When I am making an ajax call the controller is redirecting and not updating my tags my code looks like as follows.

This is in the _layout.cshtml

<code>
<script src="@Url.Content("~/Scripts/jquery-1.4.1.min.js")" type="text/javascript">
</script>
<script src="@Url.Content("~/Scripts/jquery.unobtrusive-ajax.min.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.validate.min.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/MicrosoftAjax.js")" type="text/javascript">
</script>
<script src="@Url.Content("~/Scripts/MicrosoftMvcAjax.js")" type="text/javascript">
</script>
</code>

And This is what the web config looks like, I have also tried turning off unobtrusive javascript off with no luck.

<code>
<appSettings>
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />

[Code]....

View 1 Replies

Controller AJAX Method To Return ActionLink

Apr 4, 2011

I am fairly new to MVC and just trying to achieve something which I think shouldn't be too complicated to achieve. Just want to know what the best approach for that is. I have an Event-RSVP application (NerdDinner kind) where you go to view details of the event and then click on an AJAX link that will RSVP you for the event.

<%
if (Model.HasRSVP(Context.User.Identity.Name))
{
%>
<p>

You are registered for this event!

<%:
Ajax.ActionLink("Click here if you can't make it!", "CancelRegistration", "RSVP", new { id = Model.RSVPs.FirstOrDefault(r => r.AttendeeName.ToLower() == User.Identity.Name.ToLower()).RSVPID }, new AjaxOptions { UpdateTargetId = "QuickRegister"})
%>
</p>
<%
}
else
{
%>
<p>................

View 2 Replies

MVC :: OnComplete Ajax.ActionLink Parameter Not Json In MVC 3?

Jan 27, 2011

I posted this on Stack overflow [URL] but have not had a solution, just completely different way of doing it without using the Ajax.* helpers so I'm wondering if anyone has an Ajax.* solution here?I'm using MVC 3. I have a method on the controller that returns a Json object, according to this question it should be returned to me as Json, but I am finding that is not the case[URL]
here's the code that I have:

[Code]....
And the controller:
[Code]....
The first message box displays the response text which is:{"Success":True, "objectId":"testing"}
the second message box displays undefinedSo it is coming back to the client correctly, I'm just not sure how to get it out?...Stefan

View 3 Replies

MVC :: Call Ajax.ActionLink From JavaScript Function?

Jan 6, 2011

I know that I do not want to actually use an Ajax.ActionLink from within a JavaScript function, but for the life of me I cannot figure out how to replicate the behavior. Here is what I have in my MVC 3 RC2 _Layout.cshtml:

[Code]....

I do NOT want to use:

[Code]....

Unless that can be made to populate at runtime, on demand from a script. manually clicking the ""Load Menu" ActionLink works exactly like I want except it requires the user to click the link; I want to do that for them... in this case from the Body onload event.

View 8 Replies

MVC :: Manage Ajax Postback When ActionLink Is Pressed?

Feb 17, 2011

I have next situation:

1) Polls EF model (Poll (ID,Text),PollQuestions(ID, PollID, Answer),PollStatistics (ID,VotesCount))
2) Action in Home Controller named Poll which returns Poll model
3) Action in Home Controller names PollResult which returns PollStatistics model
4) On Partial View Poll (radiobuttons using PollQuestions list), ActionLink to post pack
5) On Partial View PollStatistics results information
6) In Home View <div id="Poll">{Here is shown Poll PartialView}</div>

I'm quite new to MVC tech. so the question would be how can I manage Ajax postback when ActionLink is pressed and show up polls result using PollStatistics? (How does result view is passed?) If it's possible - just simple example :)

View 2 Replies

MVC :: Ajax ActionLink Results In Resource Not Found?

Mar 11, 2011

I've spent a while trying to figure this one out, . I am trying to implement a simple jax.actionlink(first time using) on rows in a table to remove the record from the user control. The ActionLink httpMethod is set to POST but it is not even hitting the Post action I have in the controller. It just gives me a 404 Resource not found error everytime.

I checked fiddler and the reason why I think is because its doing a GET instead of the value i set of POST. I dont have a get method for this since its just an ajax call to delete a record and return a partial view back to the div. I put a breakpoint in the POST method and definitely is not hitting that method. I'm not sure if its something simple or a configuration/routing issue or IIS issue. I've tried in chrome and IE8 just in case.

[Code]....

View 3 Replies

Ajax.ActionLink Is Not Working - Response.IsAjaxRequest() Is Always False

Feb 11, 2011

I have been googling/SO:ing this issue for a while and many seem to be sharing this, but I haven't found any successful solution to my problem.

Using MVC3 and Razor.

Master page contains:
<script src="@Url.Content("~/Scripts/jquery-1.5.min.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/MicrosoftAjax.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/MicrosoftMvcAjax.js")" type="text/javascript"></script>
AjaxTest.cshtml contains:
<div id="AjaxTestDiv">content</div>
@Ajax.ActionLink("Update", "AjaxTester", new AjaxOptions { UpdateTargetId = "AjaxTestDiv" })
AjaxTester action method:
public string AjaxTester()
{
if (Request.IsAjaxRequest())
{
return DateTime.Now.ToString();
}
else
{
return "FAIL";
}
}

I always get the "FAIL" returned, to a blank page, not in the targeted div.

Edit: Also note that if I remove the if (Request.IsAjaxRequest()), I still don't get back anything to the targeted div, but instead a blank page.

Edit2: Looking at the HTML generated, this is my link:

<a data-ajax="true" data-ajax-method="POST" data-ajax-mode="replace"
data-ajax-update="#AjaxTestDiv" href="/Area/AjaxTester">Update</a>

Have tried switching the method to GET, to no avail.

View 1 Replies

MVC :: Detecting Data Returned From An Ajax.ActionLink Call

Nov 19, 2010

How can I detect if an Ajax.ActionLink call returned any data? See below:

[Code]....

View 2 Replies

MVC Ajax.ActionLink Example Doesn't Work In IE... But Does In Firefox, Chrome, Safari

Feb 14, 2010

I have the following controller:

using System;
using System.Collections.Generic;
using System.Linq; [code]....

When I click the action link in IE the controller code runs but the div is NOT updated. Do it in ANY other browser and it works just fine. Is this (yet another) known problem/bug with IE??

View 2 Replies

MVC :: How To Display Image Instead Of Edit And Delete Ajax.ActionLink With Same Functionality

Mar 4, 2011

I am new for MVC, now we are using MVC 3 Razor. I am using Webgrid with edit and delete functionality

my requirement is i want to display image instead of edit and delete Ajax.ActionLink with same functionality.

View 1 Replies

Ajax.ActionLink Generated Markup Lacks Onclick Attribute?

Mar 16, 2011

I've got problem with generating ajax anchors. I'm using simple

Ajax.ActionLink("test", "Test", new AjaxOptions { UpdateTargetId="test", HttpMethod="GET" }) and the generated markup is:
<a data-ajax="true" data-ajax-method="GET" data-ajax-mode="replace" data-ajax-update="#test" href="/Home/Test">test</a>
which, obviously lacks the onclick="Sys.Mvc.AsyncHyperlink.handleClick(...)" attribute.

View 1 Replies

AJAX :: Make Requests With Faster

Dec 11, 2010

i find a lot of websites that have some parts in the page that uses ajax much more faster than i used to see ajax requests

like changing views using tabs when i click a tab it changes content very fast than i used to in my web applications using Asp.Net and Ajax Control Toolkit

and also a very quick paging in repeaters or grids than i ever developed in my web apps

like this website [URL] i need to know which technology used to achieve this this website is developed using .net

so

but i need to know is this needs another technology to learn (from where can i learn it)

or is it just asp.net + ajax or whth other technology

is it MVC

also i want to know if MVC is better than asp.net + ajax in concern with performance

View 4 Replies

VS 2012 - How To Handle Ajax Requests In MVC

Jun 24, 2014

This is sort of a continuation of a previous thread: View thread

The requirement I have is to be able to have a popup form that shows detailed data on a facility. This would be available on various pages of the website where the user may want to drill down and see detailed information on a facility. We also want to allow the user to update the data on the facility if so desired. I have the code working to show the popup form and get the html for the popup from a view. Right now I'm setting the values of the input boxes using razor code that accesses the @model object. That's about as far as I've gotten.

Where I'm struggling is:

1. How to tie the data in the inputs back to the view model.
2. How to write the ajax code to write the data back to the server. I tried using a standard form, but that redirects the original page that popped up the form. I want to leave that page alone and just submit the data back to the server and close the popup.

Now my dev lead wants us to use the dojo toolkit for our javascript library. That would be OK if I already knew what I was doing with regard to web development, but I don't - and documentation is just not very good with regard to dojo. I'm still trying to figure out html and mvc, so I thought I'd see if I can get this scheme working with some other javascript library first, and then see about switching it over to dojo.

I've read some about knockout and jquery, but with everything being so new to me it's hard to get all this to gel in my head, and I'm not sure about my design. I've read some about mvc's built in ajax tools, but so far all I'm seeing is stuff related to getting data and displaying it - not about submitting data.

I'd like to be able to send the data back to the server in the same object structure that I extracted it with - something that matches the model. I think this is doable, but I'm not sure - and the 'how' of it is escaping me at this point.

View 20 Replies

How To Pass JavaScript Function As A Parameter In The Route Values Of Ajax Actionlink

Apr 20, 2010

I need to pass javascript function as a parameter value to the ajax actionlink in asp.net mvc app. how can we achieve this?

View 1 Replies

How To Handle Ajax Requests When User Is Not Authenticated

Apr 5, 2010

How do you handle ajax requests when user is not authenticated?

Someone enters the page, leaves room for an hour, returns, adds comment on the page that goes throuh ajax using jQuery ($.post). Since he is not authenticated, method return RedirectToRoute result (redirects to login page). What do you do with it? How do you handle it on client side and how do you handle it in controller?

View 4 Replies

Jquery - How To Make Requests With Ajax Faster

Dec 11, 2010

i find a lot of websites that have some parts in the page that uses ajax much more faster than i used to see ajax requests

like changing views using tabs when i click a tab it changes content very fast than i used to in my web applications using Asp.Net and Ajax Control Toolkit

and also a very quick paging in repeaters or grids than i ever developed in my web apps

like this website [URL]

so i need to know which technology used to achieve this this website is developed using .net

but i need to know is this needs another technology to learn (from where can i learn it)

or is it just asp.net + ajax or whth other technology is it MVC

also i want to know if MVC is better than asp.net + ajax in concern with performance

View 5 Replies

C# - Does MVC 2.0 Model Binding Work With Ajax Requests

Feb 23, 2010

i'm just sending a normal POST request using Ajax.BeginForm... i output the form elements using the .TextBoxFor and .HiddenFor etc... all as i should... and when it's posted via ajax to my action method, the object in the action method (named "Comment") is not populated with the values!

Am i missing something? here is the relevant part of my code to those who want to see it...

[code]....

View 2 Replies

MVC :: To Use AsyncController To Allow User Concurrent Ajax Requests?

Jun 10, 2010

In my ASP.NET MVC2 web app I have a page which goes off and gets results from a number of different web service feeds. These return times vary so I want to basically display them as they return after the page loads. I also want my user to be able to kick of requests that can run concurrently with these other requests.

At the minute my page just seems to queue up the requests. The web service calls returning one at a time in the order they are called and then the user can kick of requests.

Is this a case for the asyncController or is there an easier/better way of working this?

View 5 Replies

WCF / ASMX :: PowerShell In Web Service For Ajax Requests?

Dec 9, 2010

A customer wants us to create an ajax-enabled web application that can be used to manage their IT environment (Active directory, mail, file security, ...). However, as the team that will support the web application does not know anything about these IT systems, they would like to split the coding so that all interfacing with the IT environment is done via PowerShell, which is known by the administrators of these systems. This would mean that if new functionality is required, the web team can just create an additional web page and interface and use PowerShell scripts that get created by technically skilled people in that specific topic (ie mail administrators). I don't see an issue using this approach for requests like adding a user where latency is not an issue, but I do wonder if this is feasible for interactive content with Ajax.

Ie I would like to implement a google suggest like search for AD users. This would mean that ie for every x keystrokes (or x seconds whatever approach I implement) an Ajax request will be made and the web application or web service will than use PowerShell to get the data. Taken into account that up to about 75 users can use this feature, is this something that would work? Not only performace-wise but also the number of connections (I read about the Powershell 5 remote session limit but also that it could be put to a higher number)? The example above is probably the most resource heavy Ajax requests (and can be optimized by caching), so taken into account they don't want this nice feature, are basic PowerShell scripts in ajax request really an option. My gut feeling is telling me this is a no-go, but I don't want to exclude the option just because it's not something I usually would do.

View 1 Replies

AJAX :: Requests Work On Localhost But Not Performed On Public IP

Feb 21, 2011

I'm am experiencing some strange behavior with a website. I have a page that performs a simple AJAX request to fill a div. The data is fetched from a page in the same domain. When I perform the request using [URL]. The requests work perfectly, but when using [URL] or [URL]. My requests are simply ignored. I've used Firebug to track requests, and not even a single ajax request is performed. Normal requests (such as fetching the main page that invokes the ajax code) works fine on both scenarios.

View 2 Replies

C# - MVC HTML.AntiForgeryToken() With Multiple AJAX Requests From One Page?

Mar 8, 2011

I'm creating a page that makes multiple AJAX form posts without a page refresh.

I would like to use the ASP.NET MVC HTML.AntiForgeryToken() helper to secure the form against CSRF attacks. I think that each form on the page can share the same token, but will it allow multiple requests with the same token? If not is there a way to get a new token or some other way to secure the forms?

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved