Search Results

Search found 13262 results on 531 pages for 'complete validation'.

Page 26/531 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >

  • Globally Handling Request Validation In ASP.NET MVC

    - by imran_ku07
       Introduction:           Cross Site Scripting(XSS) and Cross-Site Request Forgery (CSRF) attacks are one of dangerous attacks on web.  They are among the most famous security issues affecting web applications. OWASP regards XSS is the number one security issue on the Web. Both ASP.NET Web Forms and ASP.NET MVC paid very much attention to make applications build with ASP.NET as secure as possible. So by default they will throw an exception 'A potentially dangerous XXX value was detected from the client', when they see, < followed by an exclamation(like <!) or < followed by the letters a through z(like <s) or & followed by a pound sign(like &#123) as a part of querystring, posted form and cookie collection. This is good for lot of applications. But this is not always the case. Many applications need to allow users to enter html tags, for example applications which uses  Rich Text Editor. You can allow user to enter these tags by just setting validateRequest="false" in your Web.config application configuration file inside <pages> element if you are using Web Form. This will globally disable request validation. But in ASP.NET MVC request handling is different than ASP.NET Web Form. Therefore for disabling request validation globally in ASP.NET MVC you have to put ValidateInputAttribute in your every controller. This become pain full for you if you have hundred of controllers. Therefore in this article i will present a very simple way to handle request validation globally through web.config.   Description:           Before starting how to do this it is worth to see why validateRequest in Page directive and web.config not work in ASP.NET MVC. Actually request handling in ASP.NET Web Form and ASP.NET MVC is different. In Web Form mostly the HttpHandler is the page handler which checks the posted form, query string and cookie collection during the Page ProcessRequest method, while in MVC request validation occur when ActionInvoker calling the action. Just see the stack trace of both framework.   ASP.NET MVC Stack Trace:     System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +8723114   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +111   System.Web.HttpRequest.get_Form() +129   System.Web.HttpRequestWrapper.get_Form() +11   System.Web.Mvc.ValueProviderDictionary.PopulateDictionary() +145   System.Web.Mvc.ValueProviderDictionary..ctor(ControllerContext controllerContext) +74   System.Web.Mvc.ControllerBase.get_ValueProvider() +31   System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor) +53   System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor) +109   System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +399   System.Web.Mvc.Controller.ExecuteCore() +126   System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +27   ASP.NET Web Form Stack Trace:    System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +3213202   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +108   System.Web.HttpRequest.get_QueryString() +119   System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +2022776   System.Web.UI.Page.DeterminePostBackMode() +60   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154   System.Web.UI.Page.ProcessRequest() +86                        Since the first responder of request in ASP.NET MVC is the controller action therefore it will check the posted values during calling the action. That's why web.config's requestValidate not work in ASP.NET MVC.            So let's see how to handle this globally in ASP.NET MVC. First of all you need to add an appSettings in web.config. <appSettings>    <add key="validateRequest" value="true"/>  </appSettings>              I am using the same key used in disable request validation in Web Form. Next just create a new ControllerFactory by derving the class from DefaultControllerFactory.     public class MyAppControllerFactory : DefaultControllerFactory    {        protected override IController GetControllerInstance(Type controllerType)        {            var controller = base.GetControllerInstance(controllerType);            string validateRequest=System.Configuration.ConfigurationManager.AppSettings["validateRequest"];            bool b;            if (validateRequest != null && bool.TryParse(validateRequest,out b))                ((ControllerBase)controller).ValidateRequest = bool.Parse(validateRequest);            return controller;        }    }                         Next just register your controller factory in global.asax.        protected void Application_Start()        {            //............................................................................................            ControllerBuilder.Current.SetControllerFactory(new MyAppControllerFactory());        }              This will prevent the above exception to occur in the context of ASP.NET MVC. But if you are using the Default WebFormViewEngine then you need also to set validateRequest="false" in your web.config file inside <pages> element            Now when you run your application you see the effect of validateRequest appsetting. One thing also note that the ValidateInputAttribute placed inside action or controller will always override this setting.    Summary:          Request validation is great security feature in ASP.NET but some times there is a need to disable this entirely. So in this article i just showed you how to disable this globally in ASP.NET MVC. I also explained the difference between request validation in Web Form and ASP.NET MVC. Hopefully you will enjoy this.

    Read the article

  • ASP.Net MVC 2 Auto Complete Textbox With Custom View Model Attribute & EditorTemplate

    - by SeanMcAlinden
    In this post I’m going to show how to create a generic, ajax driven Auto Complete text box using the new MVC 2 Templates and the jQuery UI library. The template will be automatically displayed when a property is decorated with a custom attribute within the view model. The AutoComplete text box in action will look like the following:   The first thing to do is to do is visit my previous blog post to put the custom model metadata provider in place, this is necessary when using custom attributes on the view model. http://weblogs.asp.net/seanmcalinden/archive/2010/06/11/custom-asp-net-mvc-2-modelmetadataprovider-for-using-custom-view-model-attributes.aspx Once this is in place, make sure you visit the jQuery UI and download the latest stable release – in this example I’m using version 1.8.2. You can download it here. Add the jQuery scripts and css theme to your project and add references to them in your master page. Should look something like the following: Site.Master <head runat="server">     <title><asp:ContentPlaceHolder ID="TitleContent" runat="server" /></title>     <link href="../../Content/Site.css" rel="stylesheet" type="text/css" />     <link href="../../css/ui-lightness/jquery-ui-1.8.2.custom.css" rel="stylesheet" type="text/css" />     <script src="../../Scripts/jquery-1.4.2.min.js" type="text/javascript"></script>     <script src="../../Scripts/jquery-ui-1.8.2.custom.min.js" type="text/javascript"></script> </head> Once this is place we can get started. Creating the AutoComplete Custom Attribute The auto complete attribute will derive from the abstract MetadataAttribute created in my previous post. It will look like the following: AutoCompleteAttribute using System.Collections.Generic; using System.Web.Mvc; using System.Web.Routing; namespace Mvc2Templates.Attributes {     public class AutoCompleteAttribute : MetadataAttribute     {         public RouteValueDictionary RouteValueDictionary;         public AutoCompleteAttribute(string controller, string action, string parameterName)         {             this.RouteValueDictionary = new RouteValueDictionary();             this.RouteValueDictionary.Add("Controller", controller);             this.RouteValueDictionary.Add("Action", action);             this.RouteValueDictionary.Add(parameterName, string.Empty);         }         public override void Process(ModelMetadata modelMetaData)         {             modelMetaData.AdditionalValues.Add("AutoCompleteUrlData", this.RouteValueDictionary);             modelMetaData.TemplateHint = "AutoComplete";         }     } } As you can see, the constructor takes in strings for the controller, action and parameter name. The parameter name will be used for passing the search text within the auto complete text box. The constructor then creates a new RouteValueDictionary which we will use later to construct the url for getting the auto complete results via ajax. The main interesting method is the method override called Process. With the process method, the route value dictionary is added to the modelMetaData AdditionalValues collection. The TemplateHint is also set to AutoComplete, this means that when the view model is parsed for display, the MVC 2 framework will look for a view user control template called AutoComplete, if it finds one, it uses that template to display the property. The View Model To show you how the attribute will look, this is the view model I have used in my example which can be downloaded at the end of this post. View Model using System.ComponentModel; using Mvc2Templates.Attributes; namespace Mvc2Templates.Models {     public class TemplateDemoViewModel     {         [AutoComplete("Home", "AutoCompleteResult", "searchText")]         [DisplayName("European Country Search")]         public string SearchText { get; set; }     } } As you can see, the auto complete attribute is called with the controller name, action name and the name of the action parameter that the search text will be passed into. The AutoComplete Template Now all of this is in place, it’s time to create the AutoComplete template. Create a ViewUserControl called AutoComplete.ascx at the following location within your application – Views/Shared/EditorTemplates/AutoComplete.ascx Add the following code: AutoComplete.ascx <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl" %> <%     var propertyName = ViewData.ModelMetadata.PropertyName;     var propertyValue = ViewData.ModelMetadata.Model;     var id = Guid.NewGuid().ToString();     RouteValueDictionary urlData =         (RouteValueDictionary)ViewData.ModelMetadata.AdditionalValues.Where(x => x.Key == "AutoCompleteUrlData").Single().Value;     var url = Mvc2Templates.Views.Shared.Helpers.RouteHelper.GetUrl(this.ViewContext.RequestContext, urlData); %> <input type="text" name="<%= propertyName %>" value="<%= propertyValue %>" id="<%= id %>" class="autoComplete" /> <script type="text/javascript">     $(function () {         $("#<%= id %>").autocomplete({             source: function (request, response) {                 $.ajax({                     url: "<%= url %>" + request.term,                     dataType: "json",                     success: function (data) {                         response(data);                     }                 });             },             minLength: 2         });     }); </script> There is a lot going on in here but when you break it down it’s quite simple. Firstly, the property name and property value are retrieved through the model meta data. These are required to ensure that the text box input has the correct name and data to allow for model binding. If you look at line 14 you can see them being used in the text box input creation. The interesting bit is on line 8 and 9, this is the code to retrieve the route value dictionary we added into the model metada via the custom attribute. Line 11 is used to create the url, in order to do this I created a quick helper class which looks like the code below titled RouteHelper. The last bit of script is the code to initialise the jQuery UI AutoComplete control with the correct url for calling back to our controller action. RouteHelper using System.Web.Mvc; using System.Web.Routing; namespace Mvc2Templates.Views.Shared.Helpers {     public static class RouteHelper     {         const string Controller = "Controller";         const string Action = "Action";         const string ReplaceFormatString = "REPLACE{0}";         public static string GetUrl(RequestContext requestContext, RouteValueDictionary routeValueDictionary)         {             RouteValueDictionary urlData = new RouteValueDictionary();             UrlHelper urlHelper = new UrlHelper(requestContext);                          int i = 0;             foreach(var item in routeValueDictionary)             {                 if (item.Value == string.Empty)                 {                     i++;                     urlData.Add(item.Key, string.Format(ReplaceFormatString, i.ToString()));                 }                 else                 {                     urlData.Add(item.Key, item.Value);                 }             }             var url = urlHelper.RouteUrl(urlData);             for (int index = 1; index <= i; index++)             {                 url = url.Replace(string.Format(ReplaceFormatString, index.ToString()), string.Empty);             }             return url;         }     } } See it in action All you need to do to see it in action is pass a view model from your controller with the new AutoComplete attribute attached and call the following within your view: <%= this.Html.EditorForModel() %> NOTE: The jQuery UI auto complete control expects a JSON string returned from your controller action method… as you can’t use the JsonResult to perform GET requests, use a normal action result, convert your data into json and return it as a string via a ContentResult. If you download the solution it will be very clear how to handle the controller and action for this demo. The full source code for this post can be downloaded here. It has been developed using MVC 2 and Visual Studio 2010. As always, I hope this has been interesting/useful. Kind Regards, Sean McAlinden.

    Read the article

  • IIS SEO Toolkit and W3C Validation Service

    One thing that Ive been asked several times about the SEO Toolkit is if it does a full standards validation on the markup and content that is processed, and if not, to add support for more comprehensive standards validation, in particular XHTML and HTML 4.01. Currently the markup validation performed by the SEO Toolkit is really simple, its main goal is to make sure that the markup is correctly organized, for example that things like <b><i>Test</b></i> are not found in the...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • IIS SEO Toolkit and W3C Validation Service

    One thing that Ive been asked several times about the SEO Toolkit is if it does a full standards validation on the markup and content that is processed, and if not, to add support for more comprehensive standards validation, in particular XHTML and HTML 4.01. Currently the markup validation performed by the SEO Toolkit is really simple, its main goal is to make sure that the markup is correctly organized, for example that things like <b><i>Test</b></i> are not found in the...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • MVC 2 Client Side Model Validation with ExtJS

    One of the most exciting new features in MVC 2 is "Enhanced Model Validation support across both server and client"; this new enhanced support allows for client side validation to be dynamically generated into a view from DataAnnotations attributes on models. One minor complaint: Out of the box, it only supports the Microsoft AJAX libraries. Good news: It can use other frameworks, and we have done just that! Ext.ux.MvcFormValidator The MvcFormValidator is an alternative form validation...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Sneak Peek: New ASP.NET Validation Summary Control

    Check out this image of our upcoming ASP.NET validation summary control, ASPxValidationSummary: ASPxValidationSummary Benefits This new control helps you summarize validation errors from multiple controls and then displays them in a single block. This allows you to organize screen space more effectively if validation is required for several editors. Error entries can be displayed as a table, bulleted or ordered list. And each entry can be presented as a link that moves focus to the corresponding...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • MVC 2 Client Side Model Validation with ExtJS

    One of the most exciting new features in MVC 2 is "Enhanced Model Validation support across both server and client"; this new enhanced support allows for client side validation to be dynamically generated into a view from DataAnnotations attributes on models. One minor complaint: Out of the box, it only supports the Microsoft AJAX libraries. Good news: It can use other frameworks, and we have done just that! Ext.ux.MvcFormValidator The MvcFormValidator is an alternative form validation...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Convert input to integer before save in rails

    - by Micke
    Hello, i have a set of select inputs representing a users birthday: birthyear, birthmonth and birthday. And i want to validate birthyear like this: validates_inclusion_of :birthyear, :in => Date.today.year-50..Date.today.year-12 So the user can be at least 12 years but at most 50 years when they are registering. But my problem is that the variable from the input is a string and not an integer. So how can i convert the input to an integer? or is there any easier way to check the users age? Thanks, Micke

    Read the article

  • validates_associated in production

    - by Rien
    Hi all. Imagine a simple model. class Service belongs_to :user validates_associated :user accepts_nested_attributes_for :user end Nothing special right? The validations on the associated User model trigger correctly in development mode. But don't do anything in production. I've added a validates_on_presence :user just like the docs say. This triggers when there's no User associated with the Service, but fill in one thing on the User model and nothing happens! It's driving me up the walls. Am I overlooking something? More info about the MVC: I use formtastic for the forms. Thanks!

    Read the article

  • recaptcha asp.net always returns invalid

    - by Curtis White
    The reCaptcha example for ASP.NET does not seem to work. I followed the instructions but it always returns false, "The verification words are incorrect.". The entries are good. I'm using localhost as the site but am not getting any public/private key errors which I did get when adding a bad key (as a test). I've seen this error reported a lot but no good answers. Some suggest to call the validate on the control before checking to see if it is valid but this did not work for me.

    Read the article

  • Simple Custom rule for Jquery validator

    - by thatweblook
    Hi, I read your reply regarding the jQuery validator where you outline a method to check a username against a value in a database. Ive tried implementing this method but no matter what is returned from the PHP file I always get the message that the username is already taken. Here is ths custom method... $.validator.addMethod("uniqueUserName", function(value, element) { $.ajax({ type: "POST", url: "php/get_save_status.php", data: "checkUsername="+value, dataType:"html", success: function(msg) { // if the user exists, it returns a string "true" if(msg == "true") return false; // already exists return true; // username is free to use } })}, "Username is Already Taken"); And here is the validate code... username: { required: true, uniqueUserName: true }, Is there a specific way i am supposed to return the message from php. Thanks A

    Read the article

  • jQuery validator and a custom rule that uses AJAX

    - by thatweblook
    Hi, I read your reply regarding the jQuery validator where you outline a method to check a username against a value in a database. Ive tried implementing this method but no matter what is returned from the PHP file I always get the message that the username is already taken. Here is ths custom method... $.validator.addMethod("uniqueUserName", function(value, element) { $.ajax({ type: "POST", url: "php/get_save_status.php", data: "checkUsername="+value, dataType:"html", success: function(msg) { // if the user exists, it returns a string "true" if(msg == "true") return false; // already exists return true; // username is free to use } })}, "Username is Already Taken"); And here is the validate code... username: { required: true, uniqueUserName: true }, Is there a specific way i am supposed to return the message from php. Thanks A

    Read the article

  • Does DataType DataAnnotation Check the Expression?

    - by Jason
    I am currently using DataAnnotations within my ASP.NET MVC website to ensure data is properly validated. One question I wanted to verify (I think I know the answer, but I can't find verification online) - does the DataType DataAnnotation perform regular expression checks to ensure that you have received a valid e-mail/phone/currency/etc? [Required(ErrorMessage = "Price required")] [DataType(DataType.Currency, ErrorMessage = "Not a valid price")] [Range(0, double.MaxValue, ErrorMessage = "Price must be greater than 0.")] public decimal Price { get; set; } I believe the answer is no (meaning I have to provide my own, custom, RegularExpressionAttribute), but I wanted to double check before I do that for various field types.

    Read the article

  • Validate a number between 10 and 11 characters in length

    - by Montana Flynn
    I am using javascript (and PHP) to validate a simple form with a phone number field. I have it working fine checking that the field has only 10 characters, but I really want to check if the field has between 10 and 11 characters. Reason being, some people type numbers like so: 1 555 555 5555 and some people do this 555 555 5555. Here is what I have that works for checking if the length is 10: if (!(stripped.length == 10)) { alert("Please enter a valid US phone number.") return false }

    Read the article

  • JSF - Prevent validationFailed when raising a WARN ValidatorException

    - by Sébastien Tromp
    Hello, I have a form which uses validators for its fields. These validators can send back either Severity.SEVERITY_ERROR or Severity.SEVERITY_WARN messages, as illustrated: if (!isInMainFamily) { FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_WARN, "You should make sure to tag your competency in at least one main category", null); throw new ValidatorException(message); } However, SEVERITY_WARN messages are not blocking for me. They are just a way to tell the user they should correct their input, but won't prevent them from submitting the form and saving their data. However, it seems that throwing any kind of ValidatorException flags the FacesContext as "validationFailed", which then prevents the submission of the form. Is there a way to get around this? Or am I misunderstanding something? Thanks a lot for your help, Sébastien

    Read the article

  • Add special characters to Asp.net RegularExpressionValidator for E-Mail

    - by Hasan Gürsoy
    I have a e-mail address validator but I need to add special characters as valid for example ü, ç... Because users in Turkey (or anywhere else) can have a web site url like: hasangürsoy.com My code is below: <asp:TextBox ID="tEMail" runat="server" /> <asp:RequiredFieldValidator ID="rfvEMail" runat="server" ControlToValidate="tEMail" ErrorMessage="* required" /> <asp:RegularExpressionValidator ID="revEMail" runat="server" ControlToValidate="tEMail" ErrorMessage="* invalid" ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" />

    Read the article

  • Designing Business Objects to indicate constraints such as Max Length

    - by JR
    Is there a standard convention when designing business objects for providing consumers with a way to discover constraints such as a property's maximum length? It could be used up in the UI layer to, for example, set a Textbox's MaxLength property according to the maximum length limit back in the business object. Is there a standard design approach for this?

    Read the article

  • Validate site/domain via javascript

    - by Chez
    I have a standard html form where the user can specify a website/domain: favourite website: [ ] I expect the user to type things like: [www.google.com] [www.yahoo.com] [www.example.co.jp] I want to validate the domain/site via javascript so if a user had typed something wrong: [www...google.com] [www.-example.com] I tell them straight away. Can anybody post this javascript ? Alternatively can anybody point me to a site where I can look at their javascript ? Many Thanks

    Read the article

  • .NET IsValidXml Extension Method Performance

    - by tyndall
    I have a legacy application that I inherited that passes a lot of XML around as Strings. I often need the ability to check if a String will be valid XML. What is the fastest and least expensive way to check if a string is valid XML in .NET? I'm working in .NET 3.5 and would most likely use this as an extension method (off of string) in this one project within the solution.

    Read the article

  • Credit Card checksums and validations that do not require connection to the financial institution

    - by cjavapro
    The validations I know of are: Checksum the whole card number should add up to zero. (range is 0-9) Check the first digit(s) against the card type Check the length against the card type Check the CCV length against the card type (I think all the major types are 3 anyway) Of course make sure it is accepted card type as well as non expired. Are there any other validations :) (I expect many folks did not know about all of these) The reason I ask is because I overheard there was one to checksum number against expiration or CCV.. I just wanted to check.

    Read the article

  • Problem with $.get while submitting form

    - by bradenkeith
    I'm trying to verify that an Account Name is not already in use once a user fills out a form. The code looks like: $("#add_account").submit( function () { $.get( "'.url::site("ajax/check_account_name").'", {account_name: "t"}, function(data){ alert( data ); }); }); I get a $.get response if the statement sits like this: $(document).ready( function () { $.get( "'.url::site("ajax/check_account_name").'", {account_name: "t"}, function(data){ alert( data ); }); }); Which leads me to believe that my $.get statement is correct. Is there some jQuery rule I'm not familiar with that would cause this to fail in on submit scenario? In code block 1, I get values returned like they should. Block 2 gives me a blank response. Any ideas? Thanks for your time, I know you have better things to be doing.

    Read the article

  • In which order is model binding and validation done in ASP.NET MVC 2?

    - by Simon Bartlett
    I am using ASP.NET MVC 2, and am using a view-model per view approach. I am also using Automapper to map properties from my domain-model to the view-model. Take this example view-model (with Required data annotation attributes for validation purposes): public class BlogPost_ViewModel { public int Id { get; set; } [Required] public string Title { get; set; } [Required] public string Text { get; set; } } In the post editor view I am using a rich text editor (CKeditor). Because CKeditor is a HTML editor, I ideally need CKeditor to HTMLencode the user's input when the form is submitted, so that ASP.NET's input validation does not complain. This is not a problem as CKeditor has this functionality built in, however I need CKeditor's output decoded before mapping back to the domain object (via Automapper). I am wanting to add a new property (to the view-model above) to solve this, as follows: public string HTMLEncodedText { get { return HTMLEncode(Text); } set { Text = HTMLDecode(value); } } I can then bind this property to CKeditor in the view, but still use Automapper to map the 'Text' property in the controller - all without having to turn input-validation off. My question is: do you know how the model binding and validation process in ASP.NET MVC 2 works? Are all model properties binded before validation is carried out? Or is each individual property get validated when it is being set. I think ideally for my idea to work, all properties need to be set before the model is validated.

    Read the article

  • How do I remove jQuery validation from a form?

    - by Ben
    I'm using the jQuery validation plugin to validate a form, and I'd like to remove the validation and submit the form if a certain link is clicked. I am submitting form with javascript like jQuery('form#listing').submit(), so I must remove the validation rules/function with javascript. The problem is that I can't figure out how to do this. I've tried things like jQuery('form#listing').validate({}); and jQuery('form#listing').validate = null, but with no luck.

    Read the article

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >