Syncfusion Feedback

ValidateAntiForgeryToken is not working in CRUD Model method and I am not able to implement it in GRID Inline template

Thread ID: 128852
Created: Feb 13, 2017 06:33 AM UTC
Updated: Apr 17, 2017 03:56 PM UTC
Platform: ASP.NET Core
Replies: 3
Tags: Grid
Ramlith
Asked On February 13, 2017 06:33 AM UTC

     
Hi,

ValidateAntiForgeryToken is not working in the CRUDModel method when using inline template grid create/update. Please guide me to overcome this issue. I have mentioned the sample method which we use:

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult _crudData([FromBody]CRUDModel<Object> inDataRecord, String src)
        {
            bool goNextStep = true;  //used to minimize if nesting.
            bool actionOK = false;
            string msg = "Data update failed.";
            object dataUpdated = null;
            if (src == null || src == "")
            {
                msg = "Invalid entity reference.  " + msg;
                goNextStep = false;
            }

            //Check model state before processing.
            if (!ModelState.IsValid)
            {
                //Pass the error messages to Grid display
                msg = msg + ".  Invalid data : " + string.Join(" | ", ModelState.Values.SelectMany(v => v.Errors).Select(e => e.ErrorMessage));
                //viewModel._msg = _localizer[ResourceConstants.SaveFailedWithErrors] + "\n\r" + errorMessage
                goNextStep = false;
            }

            if (goNextStep)     //Source Entity is available
            {
                try
                {
                   if (inDataRecord.Action == SyncFusionConstants.update || inDataRecord.Action == SyncFusionConstants.insert)
                    {
                        dataUpdated = _ebmsBO._saveData(inDataRecord, src);
                        actionOK = true;  //No switch failed. Warning : If invalid action string passed then it will assume success !!!
                    }
                    else if (inDataRecord.Action == SyncFusionConstants.delete)
                    {
                        dataUpdated = _ebmsBO._deleteData(inDataRecord, src);
                        actionOK = true;  //No switch failed. Warning : If invalid action string passed then it will assume success !!!
                    }
                }
                catch (Exception e)
                {
                    msg = msg + ". " + e.Message.ToString();
                }
            }
            //Return BadResponse or updated records
            ViewBag.Success = actionOK;
            ViewBag.msg = msg;
            if (actionOK) { return Json(inDataRecord.Value); } else { return BadRequest(inDataRecord.Value); }
        }

This method is not firing after using ValidateAntiForgeryToken. If I remove ValidateAntiForgeryToken then it works fine while submitting save or update.
Please guide me to overcome this with ValidateAntiForgeryToken.

Thanks,
Ramlith

Jayaprakash Kamaraj [Syncfusion]
Replied On February 14, 2017 04:42 PM UTC

Hi Ramlith, 

Thank you for contacting Syncfusion support. 

We have created a sample based on your requirement using AntiForgeryToken. When using AntiForgeryToken for editing, we need to use the AntiForgeryToken() HTML method in the edit form, because the antiforgery token validates inside the form element:



@{Html.EJ().Grid<Object>("FlatGrid") 
                                    .Datasource(ds => ds.URL("/Home/DataSource").CrudURL("/Home/CrudUpdate").RemoveURL("/Home/Remove").Adaptor(AdaptorType.UrlAdaptor)) 
                            .AllowPaging() 
                            .ClientSideEvents(eve => { eve.ActionComplete("complete").Load("load"); }) 
                            .EditSettings(edit => { edit.AllowAdding().AllowDeleting().AllowEditing().EditMode(EditMode.InlineFormTemplate).InlineFormTemplateID("#template"); }) 
……… 
 
                            }).Render(); 
} 
 
<script id="template" type="text/template"> 
    @Html.AntiForgeryToken() 
    <table cellspacing="10"> 
        <tr> 
            <td style="text-align: right;"> 
                Order ID 
            </td> 
            <td style="text-align: left"> 
                 
                <input id="OrderID" name="OrderID" value="{{: OrderID}}" disabled="disabled" class="e-field e-disable e-ejinputtext valid" style="text-align: right; width: 116px; height: 28px" /> 
            </td> 
..  
    </table> 
     
     
</script> 
<script type="text/javascript"> 
    var dmAdaptorUpdate = function (keyField, value, tableName) { 
        var res = this.adaptor.update(this, keyField, value, tableName); 
        return $.ajax($.extend({ 
            beforeSend: ej.proxy(this._beforeSend, this) 
        }, res)); 
    } 
    var dmAdaptorInsert = function (data, tableName) { 
        var res = this.adaptor.insert(this, data, tableName); 
        var deffer = $.Deferred(); 
        $.ajax($.extend({ 
            beforeSend: ej.proxy(this._beforeSend, this), 
            success: ej.proxy(function (record, status, xhr, request) { 
                record = function () { 
                    if (data.d) 
                        data = data.d; 
                    return data; 
                }; 
                deffer.resolveWith(this, [{ record: record, dataManager: this }]); 
            }, this), 
            error: function (e) { 
                deffer.rejectWith(this, [{ error: e, dataManager: this }]); 
            } 
        }, res)); 
 
        return deffer.promise(); 
    } 
    var adaptor = new ej.UrlAdaptor().extend({ 
        update: function (dm, keyField, value, tableName) { 
            var token = $('input[type=hidden][name=__RequestVerificationToken]', document).val(); 
            delete value['__RequestVerificationToken']; 
            return { 
                headers: { 
          
                    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8', 
                }, 
                type: "POST", 
                dataType:"json", 
                url: dm.dataSource.updateUrl || dm.dataSource.crudUrl || dm.dataSource.url, 
                data: { 
                    __RequestVerificationToken: token, 
                    value: value, 
                    action: "update", 
                }, 
                
            }; 
        }, 
        insert: function (dm, data, tableName) { 
            var token = $('input[type=hidden][name=__RequestVerificationToken]', document).val(); 
            delete data['__RequestVerificationToken']; 
            return { 
                headers: {                   
                    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8', 
                }, 
                type: "POST", 
                url: dm.dataSource.insertUrl || dm.dataSource.crudUrl || dm.dataSource.url, 
                data: { 
                    __RequestVerificationToken: token, 
                    value: data, 
                    action:"insert" 
                } 
            }; 
        } 
    }) 
 
    function load(args) { 
        this.model.dataSource.adaptor = new adaptor(); 
        this.model.dataSource.update = dmAdaptorUpdate; 
        this.model.dataSource.insert = dmAdaptorInsert; 
    } 
  </script> 
 
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult CrudUpdate(Orders value, string action)
        {
            // do your actions here
            return Json(new { order });
        }

        public ActionResult Remove([FromBody]CRUDModel<Orders> myobject)
        {
            // do your actions here
            return Json(new { order });
        }

In the above sample, we have extended the adaptor to include the AntiForgeryToken key before sending the post to the server side.

Refer to the online help documentation on custom adaptors for extending the adaptor:

Document: http://help.syncfusion.com/js/datamanager/data-adaptors#custom-adaptor 
 
Regards, 
 
Jayaprakash K. 


Leon
Replied On April 15, 2017 07:07 PM UTC

I was very happy about using the grid control, because it makes my development fast and clean. So far I like everything about the grid control. But if, to make it more secure by trying to use ValidateAntiForgeryToken, I have to write all my grids in JavaScript code to include this functionality, I am a little disappointed. Inline editing is very convenient and I can use it a lot across my application, but I would like to have some level of confidence in the validity of the posts. Having said all this, my question is: Is there a way to implement ValidateAntiForgeryToken() keeping the grid the way I have it today in my RAZOR/CSHTML? If not, do you see that as a future enhancement? Or what other alternatives can I use to mimic the ValidateAntiForgeryToken() functionality? Thanks in advance.

Jayaprakash Kamaraj [Syncfusion]
Replied On April 17, 2017 03:56 PM UTC

Hi Juan, 
We have already logged a feature request “Antiforgery support in Datamanager” and it can be implemented in any of our upcoming releases.

As of now, we suggest that you include all the JavaScript code (custom adaptor) in a separate JS file and refer to that JS file in the Layout page; then the custom adaptor can be used in all the Grids.
Regards, 
 
Jayaprakash K. 
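
Added example (not part of the thread and not Syncfusion's code): one layout-level alternative to a per-grid adaptor is to attach the token as a request header to every same-origin, state-changing jQuery request, since the sample above shows the DataManager update and insert calls going through $.ajax. It assumes ASP.NET Core's default antiforgery header name RequestVerificationToken and a hidden __RequestVerificationToken input rendered once in the layout; the function names are hypothetical.

```javascript
// Added example; shouldAttachToken and antiForgeryHeaders are hypothetical names.
// Assumed default ASP.NET Core header; change it if AntiforgeryOptions.HeaderName is customized.
var TOKEN_HEADER = 'RequestVerificationToken';
var SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

// Decide whether a request should carry the token: state-changing verbs only,
// and only to the page's own origin so the token is never sent to another host.
function shouldAttachToken(method, url, pageOrigin) {
    var verb = String(method || 'GET').toUpperCase();
    if (SAFE_METHODS.indexOf(verb) !== -1) { return false; }
    try {
        // Relative URLs such as "/Home/CrudUpdate" resolve against the page origin.
        return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
    } catch (e) {
        return false; // unparsable URL: fail closed and send no token
    }
}

// Build the extra headers for one request (empty object when none apply).
function antiForgeryHeaders(method, url, pageOrigin, token) {
    var headers = {};
    if (token && shouldAttachToken(method, url, pageOrigin)) {
        headers[TOKEN_HEADER] = token;
    }
    return headers;
}

// Browser wiring: runs only where jQuery and a DOM exist (skipped elsewhere).
if (typeof window !== 'undefined' && typeof window.jQuery !== 'undefined') {
    window.jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
        var token = window.jQuery('input[type=hidden][name=__RequestVerificationToken]').val();
        var extra = antiForgeryHeaders(options.type, options.url, window.location.origin, token);
        Object.keys(extra).forEach(function (name) {
            jqXHR.setRequestHeader(name, extra[name]);
        });
    });
}
```

Because the header travels separately from the body, the server-side check does not depend on the request being form-encoded, so it also suits actions bound with [FromBody]. In the sample above, the Remove action carries no [ValidateAntiForgeryToken] and the adaptor overrides only update and insert, so the delete path stays unvalidated until the attribute is added there too.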

