MVC :: AntiForgeryToken And Logon - Register Controller Methods
Apr 5, 2010
Should AntiForgeryToken be used with every post action, including user logon, register, etc.?
The code below works for adding all controllers:
container.Register(AllTypes.Of<Controller>().FromAssembly(typeof(MvcApplication).Assembly).Configure(c => c.LifeStyle.Transient.Named(c.Implementation.Name.ToLower())));
But I want to add them one at a time. Nothing I try works (example below). How do I code this?
container.Register(Component.For<CategoryController>().LifeStyle.PerWebRequest);
I have a DC (Win 2K3, IIS 6.0..) and put my site there. I have a local computer (win XP2) with computer name PC1 that is already joined to the DC. In PC1 I login with account (user: abc, pass: 1234567) that was created on the DC to log on to domain. After successful login into the domain, and type in my web address, so I have to write code in my web site to understand how abc account login to the domain will always login to the my site must be signed in. not logged in login module that in my site.
I have a DC (Win 2K3) and put my site there. I have a local machine (win XP) with PC1 name that is already connected to the DC. On PC1 I log in with machine account (user: abc, pass: 1234567) that was created on the DC to log on to domain. After successful login khj me on my website, so I have to write code in my web site to understand how abc account login to the domain will always log into the site must be signed in toi.khong Login Module.
I have a repository class inside my model folder; this repository contains many methods, which are called from Action methods in the controllers. So my question is: if I have a method inside my model.repository which calls a stored procedure, then can I call it an "action method"? Or does the "action method" expression only apply to controller methods?
I am having two methods inside a controller like
1. public ActionResult ProfileView(int UID){}
2. public ActionResult UpdatingAthleticInfo() { }
How to call ProfileView method and pass UID parameter from UpdatingAthleticInfo method?
I am getting started with ASP.NET MVC. For that I chose to practice it by building an application. I'm using MVC 2 and LINQ to SQL, and I would like to pass another query to the view. For example, I have this:
[Code]....
So I would like to pass data1 and data2 to the View. I can use return View(data1), but the View function accepts just one data. So what technique can I use to pass the two data to the view?
Working on a heavy ajax based site with over 100 methods from all the ajax calls inside each of each controller all with basically the same code. Was thinking of changing them to a big case statement for readability which would keep the code a bit more dry and make it easier to read. What I am wondering is: Will there be a performance hit and is there a better way to deal with it?
I wanted to create a CurrentUser object to be accessible in every Action of Controller, I initialized it in Constructor but User.Identity was not available in Constructor. I followed the following link on stackoverflow:
Defining a User with User.Identity.Name in controller constructor
But after inheriting my Controllers from BaseController, my Action methods are not even executed, the execution stops at Execute of BaseController and I get blank pages in the browser.
I have one controller with 4 to 5 action methods. In all action methods I have to check some fields from the database. So to reduce the database queries I want to save this data one time and then use it in all action methods. I know about TempData and ViewBag but none of these can be used in different action methods, so how to achieve this?
I am currently working on an ASP.NET MVC 2 web app and would like to add some ajax functionality on my delete item actions. So, on the list items displayed view page, I wrapped the list items inside a partial view and added an ajax delete action link for each item (inside a foreach loop):
[Code]....
On the AjaxDeleteItem ajax controller action, I delete the selected item and redisplay the updated items list (via UpdateTargetId = "divList", where the list items partial view resides). My question is how I could insert an antiforgery token in such a scenario in order to secure delete operations from CSRF and XSRF attacks.
I am using the code as below of this post: First I will fill an array variable with the correct values for the controller action. Using the code below I think it should be very straightforward by just adding the following line to the javascript:
data["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val();
The <%= Html.AntiForgeryToken() %> is in its right place and the action has a [ValidateAntiForgeryToken]
But my controller action keeps saying: "Invalid forgery token"
====================CODE=======================
data["fiscalyear"] = fiscalyear;
data["subgeography"] = $(list).pa n
[code]....
I'm creating a page that makes multiple AJAX form posts without a page refresh.
I would like to use the ASP.NET MVC HTML.AntiForgeryToken() helper to secure the form against CSRF attacks. I think that each form on the page can share the same token, but will it allow multiple requests with the same token? If not is there a way to get a new token or some other way to secure the forms?
UML and Patterns: An Introduction to Object-Oriented Analysis and Design and Iterative Development, that follows the UP(Unified Process). It uses a Grasp Controller pattern to interact with domain classes by some methods like NewSale(), AddNewItemToSale() and CloseSale. In windows form, I can instantiate a object of this class in the UI and then use its methods to perform the actions. This works well in Client apps, but when I use asp.net mvc, I cannot find a way to instantiate an object (one for each user) that was always visible for a Controller (MVC). I cannot insert as an attribute inside Controller because it always create a new one.
I have an extension method as follows:
public static class PageExtensions
{
    public static int GetUserId(this Page targetPage)
    {
        var user = Membership.GetUser(targetPage.User.Identity.Name);
        return (int)user.ProviderUserKey;
    }
}
Now in a page I need to use this method in a static WebMethod, so I have added another 'extension method' to PageExtensions:
public static int GetUserId()
{
    return (int)Membership.GetUser(HttpContext.Current.User.Identity.Name).ProviderUserKey;
}
and I call it as follows in my WebMethod: PageExtensions.GetUserId()
public class CacheHelper
{
    /// <summary>
    /// Removes object with the specified key.
    /// </summary>
    /// <param name="key">The key.</param>
    [code]....
I have these methods for caching. I need to change these methods to use in a Dictionary<string,object>
How do I need to change this code Because I am new to asp.net I am still learning..
I have a website that has a secure admin section with its own login page and a public area with another section that allows people to register and login (using a different login / register page). In my web.config file I have this entry <location path="MemberDetails.aspx">
I am a beginner in web application development. I started one little project and host it on SourceForge "https://homoco.svn.sourceforge.net/svnroot/homoco". And I started implementing authentication in this application to learn how it works. From my experience people never use out of the box things so I want to implement this stuff alone (like in real world projects). So some questions:
1) Is there any reason to use membership out of the box? To use database table schema, stored procedures etc. that tool generate for developer. I think that this lower control over code and I decided to implement it my self. I don't know if I am right.
2) Is my approach in this demo project good or bad (if someone have time I like to do just a little code review)? I created database based on business rules. Not using database schema that membership provider require. Extend "MembershipProvider" class to satisfy my needs. Implement queries to database myself.
3) Now, this question is a little weird but I have to ask it. If we make a custom Membership Provider and do SQL queries alone, implement all MembershipProvider class methods ourselves, and in the application use Membership.blabla(), why is this approach different from not extending the MembershipProvider class and putting all these methods in some unique class and calling its methods then? I hope that someone understands what I ask here.
I am sorry for three questions, but I really trying to find the best way to implement this feature in my demo project like it is a real world application.
my MVC2 delete and only my delete controller is refusing to return any class information. It's really similar to my edit function and the views are all auto-generated so I don't see the problem.
Function Delete(ByVal id As Integer) As ActionResult
I have a simple model where a Person has Gifts. I have a view which is a list of Gifts belonging to one Person.
My problem is with the Create action for a new Gift. I want it to default to the PersonID that we are already viewing the list of Gifts for. I tried simply passing the last PersonID (they are all the same)
Html.ActionLink("Create New", "Create", new { id = Model.Last().PersonID }) which works fine if there is already at least one Gift for that person but if this is the first Gift I don't have a value.
My Gift List controller knows the PersonID I want to pass but the view doesn't.
How do I pass this PersonID from my Gift List controller to my Gift Create controller via the Gift List view? Or is there a better way to do this?
I have a filter on my MVC web site. I display some records in a few different controller actions but when moving from one action to another I want to apply those filter values.
How can I persist values from controller to controller?
Should I use Session? TempData?
I am using Structure Map for IOC.
Maybe I could have a class that contains a Property for each Session Value that I use in my application and inject it on the controllers that need session?
How do you get the current action / controller name in a controller or class?
I can't show it in my view but that's not what I want.
I am a windows application developer doing a web application with VB.net and SQL 2008 for the first time.
I have developed a web application where users are supposed to view a file after selecting from a listbox. I then pick the users logon ID from windows then store in database and produce statistical reports later. It was working fine on my local machine till i deployed it on server to make it accessible on the intranet. The server OS is Windows 2008 Server and runs IIS. My issues are as follows,
1. The application is unable to store the user logon id from the client.
2. When more than one user uses the application, then there are errors but one user does not produce errors.
I have developed my ASP.NET application with Crystal Report using SQL Server 2005 on a Windows XP OS machine (x86).
My hosting provider is using SQL Server 2008 on Windows Server 2008 OS x64.
Please let me know the SQL Native Client version of MS SQL Server 2005 and the SQL Native Client version of MS SQL Server 2008.
Will the SQL Native Client version of MS SQL Server 2005 work on the SQL Native Client version of MS SQL Server 2008, or do we need the same SQL Native Client version of MS SQL Server 2005 to run my Crystal Report?