I'm creating a page that makes multiple AJAX form posts without a page refresh.
I would like to use the ASP.NET MVC HTML.AntiForgeryToken() helper to secure the form against CSRF attacks. I think that each form on the page can share the same token, but will it allow multiple requests with the same token? If not is there a way to get a new token or some other way to secure the forms?
I am using the code as below of this post:First i will an fill array variable with the correct values for the controller action.Using the code below i think it should be very straigtforward by just adding the following line to the javascript:
data["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val();
<%= Html.AntiForgeryToken() %> is at his right place and the action has a [ValidateAntiForgeryToken]
But my controller action keeps saying: "Invalid forgery token
I have a form which inserts data in DB on Submit button click but the problem is when client click the button multiple times its sends multiple create requests means multiple button click events for the same time of same data, which must not be.
I tried to disable the button when client click the Submit button first time but after this it does not call server click event handler or not fire the server click event once it got disabled.
How to handle this multiple click problem..
I used the following code to disable the button
[code]....
Imagine a website where individual clients can see each-other's presence - like a social network or a chatroom.
For example:
Client1 connects to my website.The back-end C# code updates a static field to indicate Client1's presence.
Client2 connects to my website.Will the back-end C# code for the second request see the information stored in the static field from the first request? Is there anything I need to do to guarantee that these seperate instances of my ASP application are sharing static data?
I am using asp.net and I would like to test a few hundreds concurrent requests to the same page, and get a result. I don't need it via browser. Just a tool that sends requests and prints the result Is there such tool?
View 2 RepliesI'm building a web application that has a particular model representing some events. Users need to be able to add N number of people to a given event. Choosing people is handled by a partial view.
I'm trying to build a menu that displays when users click "add a person" to the event. Because the event hasn't been filled out completely yet, there is nothing in the database to persist between requests.
I also have validation logic on the event page.
My proposed solution is to add the form to search or add for people on the event form itself and have a submit button that sends the values that have been added back to the server, where I can store them in ViewData or Session.
Unfortunately, doing this flags the validation.
My second solution is to load a partial view responsible for loading the UI to add/search for a person. I could add a little code on the method in the controller that returns a partial view storing the existing data in a session variable or viewdata. Trouble is, I have to submit the form to do it--again tripping the validation!
I'm wondering if perhaps I chose the wrong tool to do this...because in webforms, there would probably be a postback and you would just perform an operation on that postback. I'd like to avoid rewriting the application in webforms and am wondering if there are ways I'm overlooking in ASP.NET MVC.
I'm busy trying something new, I'm currently busy experimenting with asmx web services, jquery for ajax requests to the web services and jtemplate as a client side template engine. Everything works fine so far, my only problem is authentication. I'm using forms authentication with a regular login.aspx web form with login control added as my login page. My content pages that needs to be authorized are .html files. I found a wiki article on howto add mappings to the aspnet_isapi.dllfor other file extensions, it is based on IIS 6. Does anyone know how i get this working on Win 7 IIS 7.5? I tried various things inetmgr with the mapping handler without success, the closest i got was when it did redirect me to login page, i logged, it directed me back to the html page but it was blank.
For that I used "add managed handler", request path = "*.html", type = "System.Web.UI.Page, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" name="HTML"
Here is the link to the wiki page i found: [URL]
Is it possible to send multiple HTTP requests asynchronously to an ASP.NET web site or any other web server using .NET ? And, then. collect responses from those requests as they come using .NET asynchronous paradigm ? Is it possible ? Or would there still be limit of max 2 HTTP connections from .NET using HTTP ?
View 1 RepliesOk I hope I can describe this clearly. This is all demo code nothing in production.Right now I have a stored procedure that is
[Code]....
This will return only one row as ID is uniquethen I have a procedure that gets all the colors that are available for this model number and i use that data in a drop down list, it is like this
[Code]....
this can return multiple rows with different colors.Right now i am opening a connection getting the product data, consuming that to properties of a class, then to get the data from the Colors I open another connection run the procedure with the model parameter being the model returned from the first sproc and bind that to my ddl.I want to do this in one connection and just get two result sets back. So how do I set the parameter of the second procedure to be the model from the first?
I have a small project I am working on using web developer express, and I am trying to get windows authentication to work with my intranet website project. This website is only to be accessed inside my LAN and not from the internet at all, so I figured windows authentication would be best.What happens when I turn it on (and I've tested this from multiple browsers: IE8, Firefox, Chrome, Safari) is that the website asks the user to log in (via pop up textbox). Not only does it request the user to log in (which I don't think it should, since the login is based on windows authentication and I am on a windows machine already logged into the internal domain) but it requests the user to login multiple times, sometimes I get asked to log in and type in the same username/password combination 12 different times. It seems to me that the asp page is requesting permission to view each individual element and requires authentication to load one object (like an image or text box).
I am severely annoyed. :( I just wanted authentication to work smoothly without any login requests, or at the mostone request.
we have this web service that sends JSON code to an iPhone application.
Each time the app makes a request, the web serice accesses the database, grabs corresponding xml data, transforms it to JSON code and then sends it back to the app.
the xml data gets updated approximately every minute, you can assimiliate this process with a sport app of which you can watch live game commentaries.
Now the iPhone app is going to implement a refresh button which a user can proactivly hit it against the service to fetch the latest data.
So we need to implement something that is capable of handling multiple requests that could occur at the same time or in a very short period of time.
I've got a WCF web service that runs fine at the moment but there is talk about using it very heavily soon. As part of it's normal process it writes a file out, then reads it back in again (don't ask why, I know it's stupid). I'm concerned that if we start hitting it with lots of requests then the following might happen.
1. Request 1 writes the file out.
2. Request 2 comes in and overwrites the file.
3. Request 1 reads the file back in but this is now the wrong file.
My understanding is that the requests would naturally queue up so that request 2 wouldn't start until request 1 had finished, but I'm not totally sure.
I have created nine custom HTML Editors in a web application using AjaxControlToolKit.
I am able to connect to SQL database and get the information displayed on all nine Editors. I am also able to update and insert data into database using the Editors. When i am trying to modify the text displayed in the some of the Editors, certian child controls in the Editors are not working.
For example if i try to add hyperlink to the text in the first Editor it works fine, i mean all controls infirst Editor works fine. But in the second Editor the hyperlink control doesn't work. The same thing happens forthird, fourth, fifth Editor, but the sixth, seventh, eigth and ninth Editor the Hyperlink works but destination url popup dialog box is displayed at the bottom of the page. this is happening only for hyperlink control in these Editors.
The following code i have used to create the custom editor class
[Code]....
to register the custom editor in .aspx
[Code]....
I'm using HttpContext.Current.Items to make a Per-Request Cache Store. I'm hitting to many Cache entries over different http requests.
It seems that HttpContext.Current.Items is reused across multiple http requests. Is it normal?
ASP.NET MVC - Multiple Buttons on a Form this is what I am trying to do too, except the first answer doesn't satisfy my requirements and the second one uses formcollection. I am not passing formcollection. I am passing values to the ActionResult method, because in my scenario, it doesn't make much sense to use formcollection, because user is hardly filling out any data. I really prefer using SubmitImage at the moment, so I would prefer if your solution doesn't involve me switching to css or input type etc. EDIT: I'm using Ajax.BeginForm and that seems to be the problem rather than Html.SubmitImage
View 1 Repliesi am currently working on an asp.net mvc 2 web app and would like to add some ajax functionality on my delete item actions.Show, on the list items displayed view page, i wrapped the list items inside a partial view and added an ajax delete action link for each item (inside a foreach loop):
[Code]....
On the AjaxDeleteItem ajax controller action, i delete the selected item and redisplay the updated items list (via UpdateTargetId = "divList", where the list items partial view resides).My question is how i could insert Antiforgery token in such a scenario in order to secure delete operations from CSRF and XSRF attacks.
So I have a repeater control that lists a bunch of information for each staff member...one after another. Problem is when I try to print this list I have staff records starting out in the middle of the page. I would like to solve this issue by forcing a page break at the beginning or end of each record/repeater item. How can I accomplish this?
<body>
<form>
<asp:repeater>
<itemtemplate>
<table>
<bunch of html>
</bunch of html>
</table>
</itemtemplate>
</asp:repeater>
</form>
</body>
should AntiForgeryToken be used with every post actions including user logon - register etc...?
What's the simplest and most effective way to selectively redirect HTTP requests to your ASP.NET page to its HTTPS equivalent? For example, if my page site URL is [URL], I want to redirect some (or all) page requests to [URL] What's the easiest way to do that?
View 2 RepliesI am using the code as below of this post:First i will an fill array variable with the correct values for the controller action.Using the code below i think it should be very straigtforward by just adding the following line to the javascript:
data["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val();
The <%= Html.AntiForgeryToken() %> is at his right place and the action has a [ValidateAntiForgeryToken]
But my controller action keeps saying: "Invalid forgery token"
====================CODE=======================
data["fiscalyear"] = fiscalyear;
data["subgeography"] = $(list).pa n
[code]....
I have implemented a custom ErrorController with NoAccess Action returning the View "~/Error/NoAccess" (not inside the Shared folder).
I have also modified the web.config file and add a custom error "<error statusCode="403" redirect="~/Error/NoAccess" />" node.
Each time i enter to an anauthorized page, i get redirected to the logon page (even though i am already logged on). I would to modify the default asp.net mvc authorization functionality and each time a user tries to enter a page that is not authorized to get an "NoAccess" page instead of redirecting to the login page.
i find a lot of websites that have some parts in the page that uses ajax much more faster than i used to see ajax requests
like changing views using tabs when i click a tab it changes content very fast than i used to in my web applications using Asp.Net and Ajax Control Toolkit
and also a very quick paging in repeaters or grids than i ever developed in my web apps
like this website [URL] i need to know which technology used to achieve this this website is developed using .net
so
but i need to know is this needs another technology to learn (from where can i learn it)
or is it just asp.net + ajax or whth other technology
is it MVC
also i want to know if MVC is better than asp.net + ajax in concern with performance
This is sort of a continuation of a previous thread: View thread
The requirement I have is to be able to have a popup form that shows detailed data on a facility. This would be available on various pages of the website where the user may want to drill down and see detailed information on a facility. We also want to allow the user to update the data on the facility if so desired. I have the code working to show the popup form and get the html for the popup from a view. Right now I'm setting the values of the input boxes using razor code that accesses the @model object. That's about as far as I've gotten.
Where I'm struggling is:
1. How to tie the data in the inputs back to the view model.
2. How to write the ajax code to write the data back to the server. I tried using a standard form, but that redirects the original page that popped up the form. I want to leave that page alone and just submit the data back to the server and close the popup.
Now my dev lead wants us to use the dojo toolkit for our javascript library. That would be OK if I already knew what I was doing with regard to web development, but I don't - and documentation is just not very good with regard to dojo. I'm still trying to figure out html and mvc, so I thought I'd see if I can get this scheme working with some other javascript library first, and then see about switching it over to dojo.
I've read some about knockout and jquery, but with everything being so new to me it's hard to get all this to gel in my head, and I'm not sure about my design. I've read some about mvc's built in ajax tools, but so far all I'm seeing is stuff related to getting data and displaying it - not about submitting data.
I'd like to be able to send the data back to the server in the same object structure that I extracted it with - something that matches the model. I think this is doable, but I'm not sure - and the 'how' of it is escaping me at this point.
When I open my page in Chrome and use the Resource Tracker, at the bottom of the list of requests, there are two GET requests to the aspx file. They take about 2 seconds each. Each request also causes a warning:
Resource interpreted as image but transferred with MIME type text/html.
why a page may be requesting itself, and why it is trying to use it as an image?
How do you handle ajax requests when user is not authenticated?
Someone enters the page, leaves room for an hour, returns, adds comment on the page that goes throuh ajax using jQuery ($.post). Since he is not authenticated, method return RedirectToRoute result (redirects to login page). What do you do with it? How do you handle it on client side and how do you handle it in controller?