Search Results

Search found 144 results on 6 pages for 'textboxfor'.


  • How to Add, Edit and Display one to many relationship entities in ASP.Net MVC 2?

    - by Picflight
    I am looking for best practices conforming to the MVC design pattern. My Entities have the following relationship.

        tblPortal
            PortalId
            PrortalName

        tblPortalAlias
            AliasId
            PortalId
            HttpAlias

    Each Portal can have many PortalAlias. I want to Add a New Portal and then Add the associated PortalAlias. I am confused on how I should structure the Views and how I should present the Views to the user. I am looking for some sample code on how to accomplish this.

    My thoughts are first present the Portal View, let the user add the Portal. Then click the Edit link on the Portal List View and on the Portal Edit View let them Add the PortalAlias. If so, what should the Edit View look like? So far I have:

    Edit

        <%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<MyProject.Mvc.Models.PortalFormViewModel>" %>

        <asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
            Edit
        </asp:Content>

        <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
            <h2>Edit</h2>
            <% Html.RenderPartial("PortalForm", Model); %>
            <div>
                <%= Html.ActionLink("Back to List", "Index") %>
            </div>
        </asp:Content>

    PortalForm

        <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<MyProject.Mvc.Models.PortalFormViewModel>" %>

        <%= Html.ValidationSummary("Please correct the errors and try again.") %>

        <% using (Html.BeginForm()) {%>
            <%= Html.ValidationSummary(true) %>
            <fieldset>
                <legend>Fields</legend>
                <div class="editor-label">
                    <%= Html.LabelFor(model => model.Portal.PortalId) %>
                </div>
                <div class="editor-field">
                    <%= Html.TextBoxFor(model => model.Portal.PortalId) %>
                    <%= Html.ValidationMessageFor(model => model.Portal.PortalId) %>
                </div>
                <div class="editor-label">
                    <%= Html.LabelFor(model => model.Portal.PortalName) %>
                </div>
                <div class="editor-field">
                    <%= Html.TextBoxFor(model => model.Portal.PortalName) %>
                    <%= Html.ValidationMessageFor(model => model.Portal.PortalName) %>
                </div>
                <p>
                    <input type="submit" value="Save" />
                </p>
            </fieldset>
        <% } %>

        Alias<br /><%-- This display is for debug --%>
        <% foreach (var item in Model.PortalAlias) { %>
            <%= item.HTTPAlias %><br />
        <% } %>

    PortalFormViewModel

        public class PortalFormViewModel
        {
            public Portal Portal { get; private set; }
            public IEnumerable<PortalAlias> PortalAlias { get; private set; }

            public PortalFormViewModel()
            {
                Portal = new Portal();
            }

            public PortalFormViewModel(Portal portal)
            {
                Portal = portal;
                PortalAlias = portal.PortalAlias;
            }
        }


  • test is null in the controller upon post

    - by user281180
    I have the following code and the test value is always null in the controller after the post. What is wrong with the following code:

    Model:

        public class Suitcase
        {
            public string Color { get; set; }
            public string[] Size { get; set; }
            public List<string> Clothes { get; set; }
            public List<Test> test { get; set; }
        }

        public class Test
        {
            public string Name { get; set; }
            public int ID { get; set; }
        }

    The view:

        <fieldset>
            <legend>All about my baggage</legend>
            <div class="editor-label">
                <%: Html.LabelFor(model => model.Color) %>
            </div>
            <div class="editor-field">
                <%: Html.TextBoxFor(model => model.Color) %>
            </div>
            <br />
            <div class="editor-label">
                Width, Height, Depth:
            </div>
            <div class="editor-field">
                <%: Html.TextBoxFor(model => model.Depth, new { style = "width:50px;" })%>
            </div>
            <br />
            <div class="editor-label">Suitcase Contents</div>
            <div class="editor-field">
                <div id="clothes-editor">
                    Clothing Item: <input type="text" id="new-clothes-item" style="width:150px" />
                    <button id="add-clothes">Add to suitcase</button>
                </div>
                <b>Items currently in suitcase:</b>
                <ul id="clothes-list">
                </ul>
            </div>
            <p>
                <button id="pack-it">Put on Baggage Carosel</button>
            </p>
        </fieldset>

        <script type="text/javascript" language="javascript">
            $(function () {
                $("button").button();

                // allow users to add items to the suitcase
                $("#add-clothes").click(function () {
                    var clothesText = $("#new-clothes-item");
                    $("#clothes-list").append("<li>" + clothesText.val() + "</li>");
                    clothesText.val("").focus();
                });

                // pack the suitcase up and send it to the baggage carosel...erm...controller
                $("#pack-it").click(function () {
                    var clothesList = [];
                    $("#clothes-list li").each(function () {
                        clothesList.push($(this).text())
                    });

                    var SizeList = [];
                    SizeList[0] = "Medium";
                    SizeList[1] = "Large";
                    SizeList[2] = "small";

                    var Data = new Object();
                    Data.test = [];
                    var reading = {};
                    reading.Name = "Micheal"
                    reading.ID = 123;
                    Data.test[0] = reading;
                    reading.Name = "Rowen"
                    reading.ID = 1234;
                    Data.test[1] = reading;

                    $.ajax({
                        type: 'POST',
                        traditional: true,
                        data: {
                            Color: $("#Color").val(),
                            Size: SizeList,
                            Clothes: clothesList,
                            test: Data.test
                        }
                    });
                });
            });
        </script>

    Controller:

        [HttpPost]
        public EmptyResult Suitcase(Suitcase lookWhatIPacked)
        {
            return new EmptyResult();
        }


  • ListBoxFor not populating with selected items

    - by user576838
    I've seen this question asked a couple of other times, and I followed this after I tried things on my own with the MS music store demo to no avail, but I still can't get this to work. I've also noticed when I look at my MultiSelectList object in the viewmodel, it has the correct items in the selected items property, but if I expand the results view, it doesn't have any listboxitem with the selected value. What am I missing here? I feel like I'm taking crazy pills! Thanks in advance.

    model:

        public class Article
        {
            public int ArticleID { get; set; }
            public DateTime? DatePurchased { get; set; }
            public DateTime? LastWorn { get; set; }
            public string ThumbnailImg { get; set; }
            public string LargeImg { get; set; }
            public virtual List<Outfit> Outfits { get; set; }
            public virtual List<Tag> Tags { get; set; }
        }

    viewmodel:

        public class ArticleViewModel
        {
            public int ArticleID { get; set; }
            public List<Tag> Tags { get; set; }
            public MultiSelectList mslTags { get; set; }
            public virtual Article Article { get; set; }

            public ArticleViewModel(int ArticleID)
            {
                using (ctContext db = new ctContext())
                {
                    this.Article = db.Articles.Find(ArticleID);
                    this.Tags = db.Tags.ToList();
                    this.mslTags = new MultiSelectList(this.Tags, "TagID", "Name", this.Article.Tags);
                }
            }
        }

    controller:

        public ActionResult Index()
        {
            ArticleIndexViewModel vm = new ArticleIndexViewModel(db);
            return View(vm);
        }

    view:

        @model ClosetTracker.ArticleViewModel
        @using (Html.BeginForm())
        {
            <img id="bigImg" src="@Model.Article.ThumbnailImg" alt="img" />
            @Html.HiddenFor(m => m.ArticleID);
            @Html.LabelFor(m => m.Article.Tags)
            @*
            @Html.ListBoxFor(m => m.Article.Tags, Model.Tags.Select(t => new SelectListItem { Text = t.Name, Value = t.TagID.ToString() }), new { Multiple = "multiple" })
            *@
            @Html.ListBoxFor(m => m.Article.Tags, Model.mslTags);
            @Html.LabelFor(m => m.Article.LastWorn)
            @Html.TextBoxFor(m => m.Article.LastWorn, new { @class = "datepicker" })
            @Html.LabelFor(m => m.Article.DatePurchased)
            @Html.TextBoxFor(m => m.Article.DatePurchased, new { @class = "datepicker" })
            <p>
                <input type="submit" value="Save" />
            </p>
        }

    EDITED

    Ok, I changed around the constructor of the MultiSelectList to have a list of TagID in the selected value arg instead of a list of Tag objects. This shows the correct tags as selected in the results view when I watch the mslTags object in debug mode. However, it still isn't rendering correctly to the page.

        public class ArticleViewModel
        {
            public int ArticleID { get; set; }
            public List<Tag> Tags { get; set; }
            public MultiSelectList mslTags { get; set; }
            public virtual Article Article { get; set; }

            public ArticleViewModel(int ArticleID)
            {
                using (ctContext db = new ctContext())
                {
                    this.Article = db.Articles.Find(ArticleID);
                    this.Tags = db.Tags.ToList();
                    this.mslTags = new MultiSelectList(this.Tags, "TagID", "Name", this.Article.Tags.Select(t => t.TagID).ToList());
                }
            }
        }


  • Binding Entity Framework Collections Simply Using ASP.NET MVC

    - by jpcmorton
    To begin with: Using Entity Framework v4.0. ASP.NET MVC 2.0. Visual Studio 2010.

    I have a model that consists simply of an order & order items. What I want to do is simply bind that model without too much hassle where possible (avoiding type converters, etc). Simply the model looks like this:

        public class Order
        {
            public int ID { get; set; }
            public string OrderNumber { get; set; }
            public EntityCollection<OrderItem> Items { get; set; }
        }

        public class OrderItem
        {
            public int ID { get; set; }
            public string Qty { get; set; }
        }

    This is as simple as I want to keep it. This model is coming directly from the code generated by the entity framework generator. I would prefer to use the model directly from the entity framework (I know there are views saying this is a bad thing, but alas).

    I then have the View looking like this:

        <% using (Html.BeginForm()) {%>
            <%: Html.ValidationSummary(true) %>
            <fieldset>
                <legend>Fields</legend>
                <div class="editor-label">
                    <%: Html.LabelFor(model => model.ID) %>
                </div>
                <div class="editor-field">
                    <%: Html.TextBoxFor(model => model.ID) %>
                    <%: Html.ValidationMessageFor(model => model.ID) %>
                </div>
                <div class="editor-label">
                    <%: Html.LabelFor(model => model.OrderNumber) %>
                </div>
                <div class="editor-field">
                    <%: Html.TextBoxFor(model => model.OrderNumber)%>
                    <%: Html.ValidationMessageFor(model => model.OrderNumber)%>
                </div>
                <div id="lineItems">
                    Where I need to put my line items to be edited, inserted
                </div>
                <p>
                    <input type="submit" value="Create" />
                </p>
            </fieldset>
        <% } %>

    What I want to do is have a situation where I can use dynamic line items (using javascript). Problems are this:

      - How to go about inserting the initial line item (within the lineItems div). This needs to be strongly typed and use the built in validation framework of MVC.
      - Best way to go about inserting line items dynamically so that on the postback there is a complete bind to the model without too much messing around (id = 1,2,3,4, etc).

    Any help, examples, tips, etc would be appreciated.


  • MVC 2 Ajax.Beginform passes returned Html + Json to javascript function

    - by Joe
    Hi, I have a small partial Create Person form in a page above a table of results. I want to be able to post the form to the server, which I can do no problem with ajax.Beginform.

        <% using (Ajax.BeginForm("Create", new AjaxOptions { OnComplete = "ProcessResponse" })) {%>
            <fieldset>
                <legend>Fields</legend>
                <div class="editor-label">
                    <%=Html.LabelFor(model => model.FirstName)%>
                </div>
                <div class="editor-field">
                    <%=Html.TextBoxFor(model => model.FirstName)%>
                    <%=Html.ValidationMessageFor(model => model.FirstName)%>
                </div>
                <div class="editor-label">
                    <%=Html.LabelFor(model => model.LastName)%>
                </div>
                <div class="editor-field">
                    <%=Html.TextBoxFor(model => model.LastName)%>
                    <%=Html.ValidationMessageFor(model => model.LastName)%>
                </div>
                <p>
                    <input type="submit" />
                </p>
            </fieldset>
        <% } %>

    Then in my controller I want to be able to post back a partial which is just a table row if the create is successful and append it to the table, which I can do easily with jquery.

        $('#personTable tr:last').after(data);

    However, if server validation fails I want to pass back my partial create person form with the validation errors and replace the existing Create Person form. I have tried returning a Json array

    Controller:

        return Json(new { Success = true, Html= this.RenderViewToString("PersonSubform",person) });

    Javascript:

        var json_data = response.get_response().get_object();

    with a pass/fail flag and the partial rendered as a string using the solution below but that doesn't render the mvc validation controls when the form fails.

    SO RenderPartialToString

    So, is there any way I can hand my javascript the out of the box PartialView("PersonForm") as it's returned from my ajax.form? Can I pass some additional info as a Json array so I can tell if it's pass or fail and maybe add a message?

    UPDATE

    I can now pass the HTML of a PartialView to my javascript but I need to pass some additional data pairs like ServerValidation : true/false and ActionMessage : "you have just created a Person Bill". Ideally I would pass a Json array rather than hidden fields in my partial.

        function ProcessResponse(response) {
            var html = response.get_data();
            $("#campaignSubform").html(html);
        }

    Many thanks in advance


  • ASP.Net MVC 2 is it possible to get the same instance of model(with slight changes) in HttpPost meth

    - by jjjjj
    Hi I have a complex entity User:

        public class User : BaseEntity
        {
            public virtual Taxi Taxi { get; set; }  // That is why I call it "complex"
            public virtual string Login { get; set; }
            public virtual string Password { get; set; }
        }

    where Taxi is a parent of User (Taxi has-many Users):

        public class Taxi : BaseEntity
        {
            public virtual string Name { get; set; }
            public virtual string ClientIp { get; set; }
        }

    BaseEntity consists of

        public virtual int Id { get; private set; }

    The problem occurs while trying to edit User

        [Authorize]
        public ActionResult ChangeAccountInfo()
        {
            var user = UserRepository.GetUser(User.Identity.Name);
            return View(user);
        }

    My ChangeAccountInfo.aspx

        <fieldset>
            <legend>Fields</legend>
            <% %>
            <div class="editor-label">
                <%: Html.LabelFor(model => model.Login) %>
            </div>
            <div class="editor-field">
                <%: Html.TextBoxFor(model => model.Login) %>
                <%: Html.ValidationMessageFor(model => model.Login) %>
            </div>
            <div class="editor-label">
                <%: Html.LabelFor(model => model.Password) %>
            </div>
            <div class="editor-field">
                <%: Html.TextBoxFor(model => model.Password) %>
                <%: Html.ValidationMessageFor(model => model.Password) %>
            </div>
            <div class="editor-field">
                <%: Html.HiddenFor(model => model.Taxi.Name)%>
            </div>
            <p>
                <input type="submit" value="Save" />
            </p>
        </fieldset>

    Post changes:

        [Authorize]
        [HttpPost]
        public ActionResult ChangeAccountInfo(User model)
        {
            if (ModelState.IsValid)
            {
                UserRepository.UpdateUser(model);
                return RedirectToAction("ChangeAccountInfoSuccess", "Account");
            }
            return View(model);
        }

    But, the (User model) parameter has

        User.Id == 0                          -- User entity had 5 before edit
        User.Login == "my new login"
        User.Password == "my new password"
        User.Taxi.Id == 0                     -- User.Taxi entity had 3 before edit
        User.Taxi.Name == "old hidden name"
        User.Taxi.ClientIp == null            -- User entity had 192.168.0.1 before edit

    Q: Is it possible not to mark all the fields of an entity (that should be in my UpdateUser) with tag "hidden" but still have them unchanged in my HttpPost method? e.g. not User.Taxi.ClientIp = null, but User.Taxi.ClientIp = 192.168.0.1

    I'm using nhibernate, if it matters.


  • Yet Another ASP.NET MVC CRUD Tutorial

    - by Ricardo Peres
    I know that I have not posted much on MVC, mostly because I don’t use it on my daily life, but since I find it so interesting, and since it is gaining such popularity, I will be talking about it much more. This time, it’s about the most basic of scenarios: CRUD.

    Although there are several ASP.NET MVC tutorials out there that cover ordinary CRUD operations, I couldn’t find any that would explain how we can have also AJAX, optimistic concurrency control and validation, using Entity Framework Code First, so I set out to write one! I won’t go into explaining what is MVC, Code First or optimistic concurrency control, or AJAX, I assume you are all familiar with these concepts by now.

    Let’s consider a hypothetical use case, products. For simplicity, we only want to be able to either view a single product or edit this product.

    First, we need our model:

        public class Product
        {
            public Product()
            {
                this.Details = new HashSet<OrderDetail>();
            }

            [Required]
            [StringLength(50)]
            public String Name { get; set; }

            [Key]
            [ScaffoldColumn(false)]
            [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
            public Int32 ProductId { get; set; }

            [Required]
            [Range(1, 100)]
            public Decimal Price { get; set; }

            public virtual ISet<OrderDetail> Details { get; protected set; }

            [Timestamp]
            [ScaffoldColumn(false)]
            public Byte[] RowVersion { get; set; }
        }

    Keep in mind that this is a simple scenario. Let’s see what we have:

      - A class Product, that maps to a product record on the database;
      - A product has a required (RequiredAttribute) Name property which can contain up to 50 characters (StringLengthAttribute);
      - The product’s Price must be a decimal value between 1 and 100 (RangeAttribute);
      - It contains a set of order details, for each time that it has been ordered, which we will not talk about (Details);
      - The record’s primary key (mapped to property ProductId) comes from a SQL Server IDENTITY column generated by the database (KeyAttribute, DatabaseGeneratedAttribute);
      - The table uses a SQL Server ROWVERSION (previously known as TIMESTAMP) column for optimistic concurrency control mapped to property RowVersion (TimestampAttribute).

    Then we will need a controller for viewing product details, which will be located on folder ~/Controllers under the name ProductController:

        public class ProductController : Controller
        {
            [HttpGet]
            public ViewResult Get(Int32 id = 0)
            {
                if (id != 0)
                {
                    using (ProductContext ctx = new ProductContext())
                    {
                        return (this.View("Single", ctx.Products.Find(id) ?? new Product()));
                    }
                }
                else
                {
                    return (this.View("Single", new Product()));
                }
            }
        }

    If the requested product does not exist, or one was not requested at all, one with default values will be returned. I am using a view named Single to display the product’s details, more on that later.

    As you can see, it delegates the loading of products to an Entity Framework context, which is defined as:

        public class ProductContext: DbContext
        {
            public DbSet<Product> Products { get; set; }
        }

    Like I said before, I’ll keep it simple for now, only aggregate root Product is available.

    The controller will use the standard routes defined by the Visual Studio ASP.NET MVC 3 template:

        routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults
        );

    Next, we need a view for displaying the product details, let’s call it Single, and have it located under ~/Views/Product:

        <%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<Product>" %>
        <!DOCTYPE html>

        <html>
        <head runat="server">
            <title>Product</title>
            <script src="/Scripts/jquery-1.7.2.js" type="text/javascript"></script>
            <script src="/Scripts/jquery-ui-1.8.19.js" type="text/javascript"></script>
            <script src="/Scripts/jquery.unobtrusive-ajax.js" type="text/javascript"></script>
            <script src="/Scripts/jquery.validate.js" type="text/javascript"></script>
            <script src="/Scripts/jquery.validate.unobtrusive.js" type="text/javascript"></script>
            <script type="text/javascript">
                function onFailure(error)
                {
                }

                function onSuccess(ctx)
                {
                }
            </script>
        </head>
        <body>
            <div>
                <%: this.Html.ValidationSummary(false) %>
                <% using (this.Ajax.BeginForm("Edit", "Product", new AjaxOptions{ HttpMethod = FormMethod.Post.ToString(), OnSuccess = "onSuccess", OnFailure = "onFailure" })) { %>
                    <%: this.Html.EditorForModel() %>
                    <input type="submit" name="submit" value="Submit" />
                <% } %>
            </div>
        </body>
        </html>

    Yes… I am using ASPX syntax… sorry about that!

    I implemented an editor template for the Product class, which must be located on the ~/Views/Shared/EditorTemplates folder as file Product.ascx:

        <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<Product>" %>
        <div>
            <%: this.Html.HiddenFor(model => model.ProductId) %>
            <%: this.Html.HiddenFor(model => model.RowVersion) %>
            <fieldset>
                <legend>Product</legend>
                <div class="editor-label">
                    <%: this.Html.LabelFor(model => model.Name) %>
                </div>
                <div class="editor-field">
                    <%: this.Html.TextBoxFor(model => model.Name) %>
                    <%: this.Html.ValidationMessageFor(model => model.Name) %>
                </div>
                <div class="editor-label">
                    <%= this.Html.LabelFor(model => model.Price) %>
                </div>
                <div class="editor-field">
                    <%= this.Html.TextBoxFor(model => model.Price) %>
                    <%: this.Html.ValidationMessageFor(model => model.Price) %>
                </div>
            </fieldset>
        </div>

    One thing you’ll notice is, I am including both the ProductId and the RowVersion properties as hidden fields; they will come in handy later on, so that we know what product and version we are editing. The other thing is the included JavaScript files: jQuery, jQuery UI and unobtrusive validations. Also, I am not using the Content extension method for translating relative URLs, because that way I would lose JavaScript intellisense for jQuery functions.

    OK, so, at this moment, I want to add support for AJAX and optimistic concurrency control. So I write a controller method like this:

        [HttpPost]
        [AjaxOnly]
        [Authorize]
        public JsonResult Edit(Product product)
        {
            if (this.TryValidateModel(product) == true)
            {
                using (ProductContext ctx = new ProductContext())
                {
                    Boolean success = false;

                    // A ProductId of 0 means a new product; anything else is an update
                    ctx.Entry(product).State = (product.ProductId == 0) ? EntityState.Added : EntityState.Modified;

                    try
                    {
                        success = (ctx.SaveChanges() == 1);
                    }
                    catch (DbUpdateConcurrencyException)
                    {
                        // The posted RowVersion is stale: reload the current values from the database
                        ctx.Entry(product).Reload();
                    }

                    return (this.Json(new { Success = success, ProductId = product.ProductId, RowVersion = Convert.ToBase64String(product.RowVersion) }));
                }
            }
            else
            {
                return (this.Json(new { Success = false, ProductId = 0, RowVersion = String.Empty }));
            }
        }

    So, this method is only valid for HTTP POST requests (HttpPost), coming from AJAX (AjaxOnly, from MVC Futures), and from authenticated users (Authorize). It returns a JSON object, which is what you would normally use for AJAX requests, containing three properties:

      - Success: a boolean flag;
      - RowVersion: the current version of the ROWVERSION column as a Base-64 string;
      - ProductId: the inserted product id, as coming from the database.

    The possible outcomes are:

      - If the product is new, it will be inserted into the database, and its primary key will be returned into the ProductId property. Success will be set to true;
      - If a DbUpdateConcurrencyException occurs, it means that the value in the RowVersion property does not match the current ROWVERSION column value on the database, so the record must have been modified between the time that the page was loaded and the time we attempted to save the product. In this case, the controller just gets the new value from the database and returns it in the JSON object; Success will be false.
      - Otherwise, it will be updated, and Success, ProductId and RowVersion will all have their values set accordingly.

    So let’s see how we can react to these situations on the client side. Specifically, we want to deal with these situations:

      - The user is not logged in when the update/create request is made, perhaps the cookie expired;
      - The optimistic concurrency check failed;
      - All went well.

    So, let’s change our view:

        <%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<Product>" %>
        <%@ Import Namespace="System.Web.Security" %>

        <!DOCTYPE html>

        <html>
        <head runat="server">
            <title>Product</title>
            <script src="/Scripts/jquery-1.7.2.js" type="text/javascript"></script>
            <script src="/Scripts/jquery-ui-1.8.19.js" type="text/javascript"></script>
            <script src="/Scripts/jquery.unobtrusive-ajax.js" type="text/javascript"></script>
            <script src="/Scripts/jquery.validate.js" type="text/javascript"></script>
            <script src="/Scripts/jquery.validate.unobtrusive.js" type="text/javascript"></script>
            <script type="text/javascript">
                function onFailure(error)
                {
                    window.alert('An error occurred: ' + error);
                }

                function onSuccess(ctx)
                {
                    if (typeof (ctx.Success) != 'undefined')
                    {
                        $('input#ProductId').val(ctx.ProductId);
                        $('input#RowVersion').val(ctx.RowVersion);

                        if (ctx.Success == false)
                        {
                            window.alert('An error occurred while updating the entity: it may have been modified by third parties. Please try again.');
                        }
                        else
                        {
                            window.alert('Saved successfully');
                        }
                    }
                    else
                    {
                        if (window.confirm('Not logged in. Login now?') == true)
                        {
                            document.location.href = '<%: FormsAuthentication.LoginUrl %>?ReturnURL=' + document.location.pathname;
                        }
                    }
                }
            </script>
        </head>
        <body>
            <div>
                <%: this.Html.ValidationSummary(false) %>
                <% using (this.Ajax.BeginForm("Edit", "Product", new AjaxOptions{ HttpMethod = FormMethod.Post.ToString(), OnSuccess = "onSuccess", OnFailure = "onFailure" })) { %>
                    <%: this.Html.EditorForModel() %>
                    <input type="submit" name="submit" value="Submit" />
                <% } %>
            </div>
        </body>
        </html>

    The implementation of the onSuccess function first checks if the response contains a Success property; if not, the most likely cause is that the request was redirected to the login page (using Forms Authentication), because it wasn’t authenticated, so we navigate there as well, keeping the reference to the current page. It then saves the current values of the ProductId and RowVersion properties to their respective hidden fields. They will be sent on each successive post and will be used in determining if the request is for adding a new product or updating an existing one.

    The only thing missing is the ability to insert a new product, after inserting/editing an existing one, which can be easily achieved using this snippet:

        <input type="button" value="New" onclick="$('input#ProductId').val('');$('input#RowVersion').val('');"/>

    And that’s it.


  • Validation on DropDownListFor not working with DataAnnotations

    - by Noel
    If I have a drop down list as follows

        <div class="editor-label">
            <%= Html.DropDownListFor(model => model.CardDetail.SelectedCardSchemeId, Model.CardDetail.CardSchemes, "Select")%>
        </div>

    and in my model I am using DataAnnotations

        [Required(ErrorMessage = "* Required SelectedCardSchemeId Message")]
        public int SelectedCardSchemeId { get; set; }

    How can I get the message to appear in the view? In debug I can see the ModelState error is populated, but the message is not displayed on the view. I do not have issues with displaying error message for other controls (TextBoxFor)


  • Can't disable jQuery cache

    - by robert_d
    Update

    I figured out that it must be a caching problem but I can't turn cache off. Here is my changed script:

        <script src="../../Scripts/jquery-1.4.1.js" type="text/javascript"></script>
        <script type="text/javascript">
            jQuery.ajaxSetup({
                // Disable caching of AJAX responses
                cache: false
            });

            jQuery("#button1").click(function (e) {
                window.setInterval(refreshResult, 3000);
            });

            function refreshResult() {
                jQuery("#divResult").load("/Home/Refresh");
            }
        </script>

    It updates part of a web page every 3 sec. It works only once after clearing web browser cache, after that it doesn't work - requests are made to /Home/Refresh without interval of 3 seconds and nothing is displayed on the web page; subsequent requests send cookie ASP.NET_SessionId=wrkx1avgvzwozcn1frsrb2yh.

    I am using ASP.NET MVC 2 and c#. I have a problem with jQuery, here is how my web app works:

    Search.aspx web page which contains a form and jQuery script posts data to Search() action in Home controller after user clicks button1 button.

    Search.aspx:

        <%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<GLSChecker.Models.WebGLSQuery>" %>

        <asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
            Title
        </asp:Content>

        <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
            <h2>Search</h2>
            <% Html.EnableClientValidation(); %>
            <% using (Html.BeginForm()) {%>
                <fieldset>
                    <div class="editor-label">
                        <%: Html.LabelFor(model => model.Url) %>
                    </div>
                    <div class="editor-field">
                        <%: Html.TextBoxFor(model => model.Url, new { size = "50" } ) %>
                        <%: Html.ValidationMessageFor(model => model.Url) %>
                    </div>
                    <div class="editor-label">
                        <%: Html.LabelFor(model => model.Location) %>
                    </div>
                    <div class="editor-field">
                        <%: Html.TextBoxFor(model => model.Location, new { size = "50" } ) %>
                        <%: Html.ValidationMessageFor(model => model.Location) %>
                    </div>
                    <div class="editor-label">
                        <%: Html.LabelFor(model => model.KeywordLines) %>
                    </div>
                    <div class="editor-field">
                        <%: Html.TextAreaFor(model => model.KeywordLines, 10, 60, null)%>
                        <%: Html.ValidationMessageFor(model => model.KeywordLines)%>
                    </div>
                    <p>
                        <input id ="button1" type="submit" value="Search" />
                    </p>
                </fieldset>
            <% } %>

            <script src="../../Scripts/jquery-1.4.1.js" type="text/javascript"></script>
            <script type="text/javascript">
                jQuery("#button1").click(function (e) {
                    window.setInterval(refreshResult, 5000);
                });

                function refreshResult() {
                    jQuery("#divResult").load("/Home/Refresh");
                }
            </script>

            <div id="divResult">
            </div>
        </asp:Content>

        [HttpPost]
        public ActionResult Search(WebGLSQuery queryToCreate)
        {
            if (!ModelState.IsValid)
                return View("Search");

            queryToCreate.Remote_Address = HttpContext.Request.ServerVariables["REMOTE_ADDR"];
            Session["Result"] = null;
            SearchKeywordLines(queryToCreate);
            Thread.Sleep(15000);
            return View("Search");
        }//Search()

    After button1 button is clicked the above script from Search.aspx web page runs.

    Search() action in controller runs for longer period of time. I simulate this in testing by putting Thread.Sleep(15000); in Search() action. 5 sec. after Submit button was pressed, the above jQuery script calls Refresh() action in Home controller.

        public ActionResult Refresh()
        {
            ViewData["Result"] = DateTime.Now;
            return PartialView();
        }

    Refresh() renders this partial

        <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl" %>
        <%= ViewData["Result"] %>

    The problem is that in Internet Explorer 8 there is only one request to /Home/Refresh; in Firefox 3.6.3 all requests to /Home/Refresh are made but nothing is displayed on the web page. Another problem with Firefox is that requests to /Home/Refresh are made every second not every 5 seconds. I noticed that after I clear Firefox cache the script works well first time button1 is pressed, but after that it doesn't work.

    I would be grateful for helpful suggestions.


  • ASP.NET MVC 2: How do I make the Ajax.Form to fire the Client Side Validation with Data Annotation?

    - by Methee
    Here is the code I have so far:

        <% Html.EnableClientValidation(); %>
        <% using (Ajax.BeginForm("Address", "Accounts", FormMethod.Post, new AjaxOptions(){}, new { id="dialog-form"} )){ %>
            <div>
                <label for="address">Address Name:</label>
            </div>
            <div>
                <%= Html.TextBoxFor(m => m.Name)%>
                <div>
                    <%= Html.ValidationMessageFor(m => m.Name)%>
                </div>
            </div>
            <input type="submit" value="OK" />
        <% } %>

    When I click submit, It does the validation on the server side, I kinda like it to validate on the Client instead of taking a trip to the server right away.


  • Problem with jQuery and ASP.Net MVC

    - by robert_d
    I have a problem with jQuery, here is how my web app works:

    Search web page which contains a form and jQuery script posts data to Search() action in Home controller after user clicks button1 button.

    Search.aspx:

        <%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<GLSChecker.Models.WebGLSQuery>" %>

        <asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
            Title
        </asp:Content>

        <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
            <h2>Search</h2>
            <% Html.EnableClientValidation(); %>
            <% using (Html.BeginForm()) {%>
                <fieldset>
                    <div class="editor-label">
                        <%: Html.LabelFor(model => model.Url) %>
                    </div>
                    <div class="editor-field">
                        <%: Html.TextBoxFor(model => model.Url, new { size = "50" } ) %>
                        <%: Html.ValidationMessageFor(model => model.Url) %>
                    </div>
                    <div class="editor-label">
                        <%: Html.LabelFor(model => model.Location) %>
                    </div>
                    <div class="editor-field">
                        <%: Html.TextBoxFor(model => model.Location, new { size = "50" } ) %>
                        <%: Html.ValidationMessageFor(model => model.Location) %>
                    </div>
                    <div class="editor-label">
                        <%: Html.LabelFor(model => model.KeywordLines) %>
                    </div>
                    <div class="editor-field">
                        <%: Html.TextAreaFor(model => model.KeywordLines, 10, 60, null)%>
                        <%: Html.ValidationMessageFor(model => model.KeywordLines)%>
                    </div>
                    <p>
                        <input id ="button1" type="submit" value="Search" />
                    </p>
                </fieldset>
            <% } %>

            <script src="../../Scripts/jquery-1.4.1.js" type="text/javascript"></script>
            <script type="text/javascript">
                jQuery("#button1").click(function (e) {
                    window.setInterval(refreshResult, 5000);
                });

                function refreshResult() {
                    jQuery("#divResult").load("/Home/Refresh");
                }
            </script>

            <div id="divResult">
            </div>
        </asp:Content>

        [HttpPost]
        public ActionResult Search(WebGLSQuery queryToCreate)
        {
            if (!ModelState.IsValid)
                return View("Search");

            queryToCreate.Remote_Address = HttpContext.Request.ServerVariables["REMOTE_ADDR"];
            Session["Result"] = null;
            SearchKeywordLines(queryToCreate);
            Thread.Sleep(15000);
            return View("Search");
        }//Search()

    After button1 button is clicked the above script from Search web page runs.

    Search() action in controller runs for longer period of time. I simulate this in testing by putting Thread.Sleep(15000); in Search() action. 5 sec. after Submit button was pressed, the above jQuery script calls Refresh() action in Home controller.

        public ActionResult Refresh()
        {
            ViewData["Result"] = DateTime.Now;
            return PartialView();
        }

    Refresh() renders this partial

        <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl" %>
        <%= ViewData["Result"] %>

    The problem is that in Internet Explorer 8 there is only one request to /Home/Refresh; in Firefox 3.6.3 all requests to /Home/Refresh are made but nothing is displayed on the web page.

    I would be grateful for helpful suggestions.

    Read the article

  • Asp.net MVC Label For

    - by Jaimal Chohan
    I have the following:

        <label for="Forename">Forename</label> <%= Html.TextBoxFor(m => m.Customer.Name.Forename) %>

    The problem with this is that this is rendered as:

        <label for="AddressLine1">Address Line 1</label> <input type="text" value="" name="Customer.Address.Thoroughfare" id="Customer_Address_Thoroughfare">

    Not what I want ofc. I would like an extension to render the label correctly (i.e. with the for="" attribute having the value of the input id). Is there anything in MVC 2 that does this natively before I go writing my own extension?

    Read the article

  • Help with MVC controller: passing a string from view to controller

    - by 109221793
    Hi guys, I'm having trouble with one particular issue, I was hoping someone could help me out. I've completed the MVC Music Store tutorial, and now I'm trying to add some administrator functionality - practice as I will have to do this in an MVC application in my job. The application is using the aspnet membership api, and what I have done so far is created a view to list the users. What I want to be able to do is click on the user's name in order to change their password, and to try and carry the username to the changeUserPassword controller (custom made). I registered a new route in the global.asax.cs file in order to display the username in the URL, which is working so far.

    UserList View:

        <%: Html.RouteLink(user.UserName, "AdminPassword", new { controller="StoreManager", action="changeUserPassword", username = user.UserName }) %>

    Global.asax.cs:

        routes.MapRoute(
            "AdminPassword", //Route name
            "{controller}/{action}/{username}", //URL with parameters
            new { controller = "StoreManager", action = "changeUserPassword", username = UrlParameter.Optional}
        );

    So now the URL looks like this when I reach the changeUserPassword view: http://localhost:51236/StoreManager/changeUserPassword/Administrator

    Here is the GET changeUserPassword action:

        public ActionResult changeUserPassword(string username)
        {
            ViewData["username"] = username;
            return View();
        }

    I wanted to store the username in ViewData as I would like to use it in the GET changeUserPassword for display purposes, and also as a hidden value in the form. This is in order to pass it through to enable me to reset the password. Having debugged through the code, it seems that 'username' is null. How can I get this to work so that the username carries over from the Html.RouteLink to the changeUserPassword action? Any help would be appreciated :)

    Here is my complete code.

    UserList.aspx:

        <%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<System.Web.Security.MembershipUserCollection>" %>
        <asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server"> UserList </asp:Content>
        <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
        <h2>UserList</h2>
        <table>
            <tr> <th>User Name</th> <th>Last Activity date</th> <th>Locked Out</th> </tr>
            <%foreach (MembershipUser user in Model){ %>
            <tr>
                <td><%: Html.RouteLink(user.UserName, "AdminPassword", new { controller="StoreManager", action="changeUserPassword", username = user.UserName }) %></td>
                <td><%: user.LastActivityDate %></td>
                <td><%: user.IsLockedOut %></td>
            </tr>
            <% }%>
        </table>
        </asp:Content>

    changeUserPassword.aspx:

        <%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<musicStoreMVC.ViewModels.ResetPasswordAdmin>" %>
        <asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server"> changeUserPassword </asp:Content>
        <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
        <h2>Change Password: <%: ViewData["username"] %></h2>
        <% using (Html.BeginForm()) {%>
        <%: Html.ValidationSummary(true) %>
        <fieldset>
            <legend>Fields</legend>
            <div class="editor-label"> <%: Html.Hidden("username",ViewData["username"]) %> <%: Html.LabelFor(model => model.password) %> </div>
            <div class="editor-field"> <%: Html.TextBoxFor(model => model.password) %> <%: Html.ValidationMessageFor(model => model.password) %> </div>
            <div class="editor-label"> <%: Html.LabelFor(model => model.confirmPassword) %> </div>
            <div class="editor-field"> <%: Html.TextBoxFor(model => model.confirmPassword) %> <%: Html.ValidationMessageFor(model => model.confirmPassword) %> </div>
            <p> <input type="submit" value="Create" /> </p>
        </fieldset>
        <% } %>
        <div> <%: Html.ActionLink("Back to List", "Index") %> </div>
        </asp:Content>

    My actions:

        public ActionResult UserList()
        {
            var users = Membership.GetAllUsers();
            return View(users);
        }

        public ActionResult changeUserPassword(string username)
        {
            ViewData["username"] = username;
            return View();
        }

    Read the article

  • Problem with jQuery and ASP.Net MVC 2

    - by robert_d
    I have a problem with jQuery. Here is how my web app works: the Search.aspx web page, which contains a form and a jQuery script, posts data to the Search() action in the Home controller after the user clicks the button1 button.

    Search.aspx:

        <%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<GLSChecker.Models.WebGLSQuery>" %>
        <asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server"> Title </asp:Content>
        <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
        <h2>Search</h2>
        <% Html.EnableClientValidation(); %>
        <% using (Html.BeginForm()) {%>
        <fieldset>
            <div class="editor-label"> <%: Html.LabelFor(model => model.Url) %> </div>
            <div class="editor-field"> <%: Html.TextBoxFor(model => model.Url, new { size = "50" } ) %> <%: Html.ValidationMessageFor(model => model.Url) %> </div>
            <div class="editor-label"> <%: Html.LabelFor(model => model.Location) %> </div>
            <div class="editor-field"> <%: Html.TextBoxFor(model => model.Location, new { size = "50" } ) %> <%: Html.ValidationMessageFor(model => model.Location) %> </div>
            <div class="editor-label"> <%: Html.LabelFor(model => model.KeywordLines) %> </div>
            <div class="editor-field"> <%: Html.TextAreaFor(model => model.KeywordLines, 10, 60, null)%> <%: Html.ValidationMessageFor(model => model.KeywordLines)%> </div>
            <p> <input id ="button1" type="submit" value="Search" /> </p>
        </fieldset>
        <% } %>
        <script src="../../Scripts/jquery-1.4.1.js" type="text/javascript"></script>
        <script type="text/javascript">
            jQuery("#button1").click(function (e) { window.setInterval(refreshResult, 5000); });
            function refreshResult() { jQuery("#divResult").load("/Home/Refresh"); }
        </script>
        <div id="divResult"> </div>
        </asp:Content>

        [HttpPost]
        public ActionResult Search(WebGLSQuery queryToCreate)
        {
            if (!ModelState.IsValid) return View("Search");
            queryToCreate.Remote_Address = HttpContext.Request.ServerVariables["REMOTE_ADDR"];
            Session["Result"] = null;
            SearchKeywordLines(queryToCreate);
            Thread.Sleep(15000);
            return View("Search");
        }//Search()

    After the button1 button is clicked, the above script from the Search.aspx web page runs. The Search() action in the controller runs for a longer period of time. I simulate this in testing by putting Thread.Sleep(15000); in the Search() action. 5 sec. after the Submit button was pressed, the above jQuery script calls the Refresh() action in the Home controller.

        public ActionResult Refresh()
        {
            ViewData["Result"] = DateTime.Now;
            return PartialView();
        }

    Refresh() renders this partial:

        <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl" %>
        <%= ViewData["Result"] %>

    The problem is that in Internet Explorer 8 there is only one request to /Home/Refresh; in Firefox 3.6.3 all requests to /Home/Refresh are made but nothing is displayed on the web page. Another problem with Firefox is that requests to /Home/Refresh are made every second, not every 5 seconds. I noticed that after I clear the Firefox cache the script works well the first time button1 is pressed, but after that it doesn't work. I would be grateful for helpful suggestions.

    Read the article

  • Bind Child table data on View field- MVC ASP.Net

    - by Tassadaque
    I have two tables, Contact and Addresses. Addresses is the child table of Contact. When I create the view for Contact, I also want to get addresses for the user, as many as the user wants. For the Contact table I bind the textbox and add validation like this:

        <%= Html.TextBoxFor(model => model.ContactName) %> <%= Html.ValidationMessageFor(model => model.ContactName) %>

    Now my question is: how can I bind the address field on the create view screen? Regards, Tassadaque

    Read the article

  • manage date fields when are int in the db

    - by Luca Romagnoli
    Hi, in my db there is a field "date_start" of type integer. This is the part of the form for this field:

        <div class="editor-label"> <%: Html.LabelFor(model => model.date_start) %> </div>
        <div class="editor-field"> <%: Html.TextBoxFor(model => model.date_start, new { @class = "calendar" })%> <%: Html.ValidationMessageFor(model => model.date_start) %> </div>

    In the form I want the field's format to be a date type, and to memorize it as an int type after calling my function for the conversion. How can I manage it? Thanks

    Read the article

  • Client Id for Property (ASP.Net MVC)

    - by Felipe
    Hi guys... I'm a beginner in asp.net mvc, and I have a doubt: I'm trying to do a label for a TextBox in my View and I'd like to know how I can take the Id that will be rendered on the client to generate scripts... for example:

        <label for="<%=x.Name.?ClientId?%>"> Name: </label> <%=Html.TextBoxFor(x=>x.Name) %>

    What do I need to put in "?ClientId?" to make sure that the correct Id will be rendered for the corresponding control? Thanks, Cheers

    Read the article

  • Timespan not accepting day in MVC3

    - by middelpat
    I have an MVC3 application in which I want to set a timespan to, for example, 2 days and 5 hours. When I enter 02:05:00:00 it gives me the following exception:

        System.OverflowException: SqlDbType.Time overflow. Value '2.05:00:00' is out of range. Must be between 00:00:00.0000000 and 23:59:59.9999999.

    When I enter 05:00:00 it correctly saves 5 hours into the database. According to MSDN, timespan has a property for days. How do I correctly set the days?

    Model:

        public class ProductionTimeVM
        {
            [Required]
            public TimeSpan DefaultTime { get; set; }
        }

    In my view I just use:

        @Html.TextBoxFor(x => x.DefaultTime)

    For my controller:

        public ActionResult SaveProductionTime(ProductionTimeVM vm)
        {
            ProductionTime productionTime = new ProductionTime();
            productionTime.Default = vm.DefaultTime;
            //some more code
        }

    Any ideas?

    Read the article

  • Remove Validation in ASP.NET MVC 3

    - by johndoe
    I am trying to get remote validation working in ASP.NET MVC 3 but for some reason the validation never gets fired. I am returning json from the controller and in Firefox it asks me to download the files. Not sure what is going on here. Here is my code:

        @using(Html.BeginForm(new {Action = "ValidateUserName"}))
        {
            <text> Enter UserName: </text> @Html.TextBoxFor(x => x.UserName)
            <input type="submit" value="Login" />
        }

    Here is the RegistrationViewModel:

        public class RegistrationViewModel
        {
            [Required(ErrorMessage = "UserName is required!")]
            [Remote("ValidateUserName","Home",ErrorMessage ="UserName already taken!")]
            public string UserName { get; set; }
        }

    And here is the HomeController:

        public ActionResult ValidateUserName(RegistrationViewModel registrationViewModel)
        {
            return Json(!registrationViewModel.UserName.Equals("test"),JsonRequestBehavior.AllowGet);
        }

    Read the article

  • How can I get a property as an Entity in Action of Asp.Net Mvc ?

    - by Felipe
    Hi all, I'd like to know how I can get a property like an entity, for example:

    My Model:

        public class Product
        {
            public int Id { get; set; }
            public string Name { get; set; }
            public Category Category { get; set; }
        }

    View:

        Name: <%=Html.TextBoxFor(x => x.Name) %>
        Category: <%= Html.DropDownList("Category", (IEnumerable<SelectListItem>)ViewData["Categories"]) %>

    Controller:

        public ActionResult Save(Product product)
        {
            /// product.Category ???
        }

    And how is the Category property? Is it filled by the view? Does ASP.Net MVC know how to fill this object by ID? Thanks!

    Read the article

  • ASP.NET MVC Model Binders, html id

    - by Stacey
    Using the Model Binders in ASP.NET MVC 2.0, you can do something like this...

        [DisplayName("User Name")]
        public string Name { get; set; }

        <%: Html.TextBoxFor( m => m.Name ) %>

    and then in your HTML, you get a result like this..

        <label for="UserName">User Name</label>
        <input type="text" id="UserName" name="UserName" />

    That works fine, but I want to have better control over the HTML ID. Is there any way to do this through the model binding method?

    Read the article

  • Security Issues with Single Page Apps

    - by Stephen.Walther
    Last week, I was asked to do a code review of a Single Page App built using the ASP.NET Web API, Durandal, and Knockout (good stuff!). In particular, I was asked to investigate whether there are any special security issues associated with building a Single Page App which are not present in the case of a traditional server-side ASP.NET application.

    In this blog entry, I discuss two areas in which you need to exercise extra caution when building a Single Page App. I discuss how Single Page Apps are extra vulnerable to both Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks.

    The goal of this blog post is NOT to persuade you to avoid writing Single Page Apps. I’m a big fan of Single Page Apps. Instead, the goal is to ensure that you are fully aware of some of the security issues related to Single Page Apps and ensure that you know how to guard against them.

    Cross-Site Scripting (XSS) Attacks

    According to WhiteHat Security, over 65% of public websites are open to XSS attacks. That’s bad. By taking advantage of XSS holes in a website, a hacker can steal your credit cards, passwords, or bank account information. Any website that redisplays untrusted information is open to XSS attacks. Let me give you a simple example.

    Imagine that you want to display the name of the current user on a page. To do this, you create the following server-side ASP.NET page located at http://MajorBank.com/SomePage.aspx:

        <%@Page Language="C#" %>
        <html>
        <head> <title>Some Page</title> </head>
        <body>
            Welcome <%= Request["username"] %>
        </body>
        </html>

    Nothing fancy here. Notice that the page displays the current username by using Request["username"]. Using Request["username"] displays the username regardless of whether the username is present in a cookie, a form field, or a query string variable. Unfortunately, by using Request["username"] to redisplay untrusted information, you have now opened your website to XSS attacks. Here’s how.
    Imagine that an evil hacker creates the following link on another website (hackers.com):

        <a href="/SomePage.aspx?username=<script src=Evil.js></script>">Visit MajorBank</a>

    Notice that the link includes a query string variable named username and the value of the username variable is an HTML <SCRIPT> tag which points to a JavaScript file named Evil.js. When anyone clicks on the link, the <SCRIPT> tag will be injected into SomePage.aspx and the Evil.js script will be loaded and executed.

    What can a hacker do in the Evil.js script? Anything the hacker wants. For example, the hacker could display a popup dialog on the MajorBank.com site which asks the user to enter their password. The script could then post the password back to hackers.com and now the evil hacker has your secret password.

    ASP.NET Web Forms and ASP.NET MVC have two automatic safeguards against this type of attack: Request Validation and Automatic HTML Encoding.

    Protecting Coming In (Request Validation)

    In a server-side ASP.NET app, you are protected against the XSS attack described above by a feature named Request Validation. If you attempt to submit “potentially dangerous” content (such as a JavaScript <SCRIPT> tag) in a form field or query string variable then you get an exception.

    Unfortunately, Request Validation only applies to server-side apps. Request Validation does not help in the case of a Single Page App. In particular, the ASP.NET Web API does not pay attention to Request Validation. You can post any content you want, including <SCRIPT> tags, to an ASP.NET Web API action.

    For example, the following HTML page contains a form.
    When you submit the form, the form data is submitted to an ASP.NET Web API controller on the server using an Ajax request:

        <!DOCTYPE html>
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head> <title></title> </head>
        <body>
            <form data-bind="submit:submit">
                <div> <label> User Name: <input data-bind="value:user.userName" /> </label> </div>
                <div> <label> Email: <input data-bind="value:user.email" /> </label> </div>
                <div> <input type="submit" value="Submit" /> </div>
            </form>
            <script src="Scripts/jquery-1.7.1.js"></script>
            <script src="Scripts/knockout-2.1.0.js"></script>
            <script>
                var viewModel = {
                    user: { userName: ko.observable(), email: ko.observable() },
                    submit: function () { $.post("/api/users", ko.toJS(this.user)); }
                };
                ko.applyBindings(viewModel);
            </script>
        </body>
        </html>

    The form above is using Knockout to bind the form fields to a view model. When you submit the form, the view model is submitted to an ASP.NET Web API action on the server. Here’s the server-side ASP.NET Web API controller and model class:

        public class UsersController : ApiController
        {
            public HttpResponseMessage Post(UserViewModel user)
            {
                var userName = user.UserName;
                return Request.CreateResponse(HttpStatusCode.OK);
            }
        }

        public class UserViewModel
        {
            public string UserName { get; set; }
            public string Email { get; set; }
        }

    If you submit the HTML form, you don’t get an error. The “potentially dangerous” content is passed to the server without any exception being thrown. In the screenshot below, you can see that I was able to post a username form field with the value “<script>alert('boo')</script>”.

    So what this means is that you do not get automatic Request Validation in the case of a Single Page App. You need to be extra careful in a Single Page App about ensuring that you do not display untrusted content because you don’t have the Request Validation safety net which you have in a traditional server-side ASP.NET app.

    Protecting Going Out (Automatic HTML Encoding)

    Server-side ASP.NET also protects you from XSS attacks when you render content. By default, all content rendered by the razor view engine is HTML encoded. For example, the following razor view displays the text “<b>Hello!</b>” instead of the text “Hello!” in bold:

        @{ var message = "<b>Hello!</b>"; }
        @message

    If you don’t want to render content as HTML encoded in razor then you need to take the extra step of using the @Html.Raw() helper.

    In a Web Form page, if you use <%: %> instead of <%= %> then you get automatic HTML Encoding:

        <%@ Page Language="C#" %>
        <% var message = "<b>Hello!</b>"; %>
        <%: message %>

    This automatic HTML Encoding will prevent many types of XSS attacks. It prevents <script> tags from being rendered and only allows &lt;script&gt; tags to be rendered, which are useless for executing JavaScript. (This automatic HTML encoding does not protect you from all forms of XSS attacks. For example, you can assign the value "javascript:alert('evil')" to the Hyperlink control’s NavigateUrl property and execute the JavaScript.)

    The situation with Knockout is more complicated. If you use the Knockout TEXT binding then you get HTML encoded content. On the other hand, if you use the HTML binding then you do not:

        <!-- This JavaScript DOES NOT execute -->
        <div data-bind="text:someProp"></div>
        <!-- This JavaScript DOES execute -->
        <div data-bind="html:someProp"></div>
        <script src="Scripts/jquery-1.7.1.js"></script>
        <script src="Scripts/knockout-2.1.0.js"></script>
        <script>
            var viewModel = { someProp : "<script>alert('Evil!')<" + "/script>" };
            ko.applyBindings(viewModel);
        </script>

    So, in the page above, the DIV element which uses the TEXT binding is safe from XSS attacks.
    According to the Knockout documentation: “Since this binding sets your text value using a text node, it’s safe to set any string value without risking HTML or script injection.”

    Just like server-side HTML encoding, Knockout does not protect you from all types of XSS attacks. For example, there is nothing in Knockout which prevents you from binding JavaScript to a hyperlink like this:

        <a data-bind="attr:{href:homePageUrl}">Go</a>
        <script src="Scripts/jquery-1.7.1.min.js"></script>
        <script src="Scripts/knockout-2.1.0.js"></script>
        <script>
            var viewModel = { homePageUrl: "javascript:alert('evil!')" };
            ko.applyBindings(viewModel);
        </script>

    In the page above, the value "javascript:alert('evil!')" is bound to the HREF attribute using Knockout. When you click the link, the JavaScript executes.

    Cross-Site Request Forgery (CSRF) Attacks

    Cross-Site Request Forgery (CSRF) attacks rely on the fact that a session cookie does not expire until you close your browser. In particular, if you visit and login to MajorBank.com and then you navigate to Hackers.com then you will still be authenticated against MajorBank.com even after you navigate to Hackers.com.

    Because MajorBank.com cannot tell whether a request is coming from MajorBank.com or Hackers.com, Hackers.com can submit requests to MajorBank.com pretending to be you. For example, Hackers.com can post an HTML form from Hackers.com to MajorBank.com and change your email address at MajorBank.com. Hackers.com can post a form to MajorBank.com using your authentication cookie. After your email address has been changed, by using a password reset page at MajorBank.com, a hacker can access your bank account.

    To prevent CSRF attacks, you need some mechanism for detecting whether a request is coming from a page loaded from your website or whether the request is coming from some other website.
    The recommended way of preventing Cross-Site Request Forgery attacks is to use the “Synchronizer Token Pattern” as described here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet

    When using the Synchronizer Token Pattern, you include a hidden input field which contains a random token whenever you display an HTML form. When the user opens the form, you add a cookie to the user’s browser with the same random token. When the user posts the form, you verify that the hidden form token and the cookie token match.

    Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC

    ASP.NET gives you a helper and an action filter which you can use to thwart Cross-Site Request Forgery attacks. For example, the following razor form for creating a product shows how you use the @Html.AntiForgeryToken() helper:

        @model MvcApplication2.Models.Product
        <h2>Create Product</h2>
        @using (Html.BeginForm()) {
            @Html.AntiForgeryToken();
            <div> @Html.LabelFor( p => p.Name, "Product Name:") @Html.TextBoxFor( p => p.Name) </div>
            <div> @Html.LabelFor( p => p.Price, "Product Price:") @Html.TextBoxFor( p => p.Price) </div>
            <input type="submit" />
        }

    The @Html.AntiForgeryToken() helper generates a random token and assigns a serialized version of the same random token to both a cookie and a hidden form field. (Actually, if you dive into the source code, the AntiForgeryToken() does something a little more complex because it takes advantage of a user’s identity when generating the token).

    Here’s what the hidden form field looks like:

        <input name="__RequestVerificationToken" type="hidden" value="NqqZGAmlDHh6fPTNR_mti3nYGUDgpIkCiJHnEEL59S7FNToyyeSo7v4AfzF2i67Cv0qTB1TgmZcqiVtgdkW2NnXgEcBc-iBts0x6WAIShtM1" />

    And here’s what the cookie looks like using the Google Chrome developer toolbar:

    You use the [ValidateAntiForgeryToken] action filter on the controller action which is the recipient of the form post to validate that the token in the hidden form field matches the token in the cookie. If the tokens don’t match then validation fails and you can’t post the form:

        public ActionResult Create()
        {
            return View();
        }

        [ValidateAntiForgeryToken]
        [HttpPost]
        public ActionResult Create(Product productToCreate)
        {
            if (ModelState.IsValid)
            {
                // save product to db
                return RedirectToAction("Index");
            }
            return View();
        }

    How does this all work? Let’s imagine that a hacker has copied the Create Product page from MajorBank.com to Hackers.com: the hacker grabs the HTML source and places it at Hackers.com. Now, imagine that the hacker tricks you into submitting the Create Product form from Hackers.com to MajorBank.com. You’ll get the following exception:

    The Cross-Site Request Forgery attack is blocked because the anti-forgery token included in the Create Product form at Hackers.com won’t match the anti-forgery token stored in the cookie in your browser. The tokens were generated at different times for different users so the attack fails.

    Preventing Cross-Site Request Forgery Attacks with a Single Page App

    In a Single Page App, you can’t prevent Cross-Site Request Forgery attacks using the same method as a server-side ASP.NET MVC app. In a Single Page App, HTML forms are not generated on the server. Instead, in a Single Page App, forms are loaded dynamically in the browser.

    Phil Haack has a blog post on this topic where he discusses passing the anti-forgery token in an Ajax header instead of a hidden form field.
    He also describes how you can create a custom anti-forgery token attribute to compare the token in the Ajax header and the token in the cookie. See: http://haacked.com/archive/2011/10/10/preventing-csrf-with-ajax.aspx

    Also, take a look at Johan’s update to Phil Haack’s original post: http://johan.driessen.se/posts/Updated-Anti-XSRF-Validation-for-ASP.NET-MVC-4-RC

    (Other server frameworks such as Rails and Django do something similar. For example, Rails uses an X-CSRF-Token to prevent CSRF attacks which you generate on the server; see http://excid3.com/blog/rails-tip-2-include-csrf-token-with-every-ajax-request/#.UTFtgDDkvL8 ).

    For example, if you are creating a Durandal app, then you can use the following razor view for your one and only server-side page:

        @{ Layout = null; }
        <!DOCTYPE html>
        <html>
        <head> <title>Index</title> </head>
        <body>
            @Html.AntiForgeryToken()
            <div id="applicationHost"> Loading app.... </div>
            @Scripts.Render("~/scripts/vendor")
            <script type="text/javascript" src="~/App/durandal/amd/require.js" data-main="/App/main"></script>
        </body>
        </html>

    Notice that this page includes a call to @Html.AntiForgeryToken() to generate the anti-forgery token.
    Then, whenever you make an Ajax request in the Durandal app, you can retrieve the anti-forgery token from the razor view and pass the token as a header:

        var csrfToken = $("input[name='__RequestVerificationToken']").val();
        $.ajax({
            headers: { __RequestVerificationToken: csrfToken },
            type: "POST",
            dataType: "json",
            contentType: 'application/json; charset=utf-8',
            url: "/api/products",
            data: JSON.stringify({ name: "Milk", price: 2.33 }),
            statusCode: { 200: function () { alert("Success!"); } }
        });

    Use the following code to create an action filter which you can use to match the header and cookie tokens:

        using System.Collections.Generic;
        using System.Linq;
        using System.Net.Http;
        using System.Web.Helpers;
        using System.Web.Http.Controllers;

        namespace MvcApplication2.Infrastructure
        {
            public class ValidateAjaxAntiForgeryToken : System.Web.Http.AuthorizeAttribute
            {
                protected override bool IsAuthorized(HttpActionContext actionContext)
                {
                    // TryGetValues returns false when the header is absent;
                    // GetValues would throw before the null check below is reached
                    IEnumerable<string> headerValues;
                    var headerToken = actionContext.Request.Headers
                        .TryGetValues("__RequestVerificationToken", out headerValues)
                            ? headerValues.FirstOrDefault()
                            : null;

                    var cookieToken = actionContext.Request.Headers
                        .GetCookies()
                        .Select(c => c[AntiForgeryConfig.CookieName])
                        .FirstOrDefault();

                    // check for missing cookie or header
                    if (cookieToken == null || headerToken == null) { return false; }

                    // ensure that the cookie matches the header
                    try { AntiForgery.Validate(cookieToken.Value, headerToken); }
                    catch { return false; }

                    return base.IsAuthorized(actionContext);
                }
            }
        }

    Notice that the action filter derives from the base AuthorizeAttribute. The ValidateAjaxAntiForgeryToken only works when the user is authenticated and it will not work for anonymous requests.

    Add the action filter to your ASP.NET Web API controller actions like this:

        [ValidateAjaxAntiForgeryToken]
        public HttpResponseMessage PostProduct(Product productToCreate)
        {
            // add product to db
            return Request.CreateResponse(HttpStatusCode.OK);
        }

    After you complete these steps, it won’t be possible for a hacker to pretend to be you at Hackers.com and submit a form to MajorBank.com. The header token used in the Ajax request won’t travel to Hackers.com.

    This approach works, but I am not entirely happy with it. The one thing that I don’t like about this approach is that it creates a hard dependency on using razor. Your single page in your Single Page App must be generated from a server-side razor view.

    A better solution would be to generate the anti-forgery token in JavaScript. Unfortunately, until all browsers support a way to generate cryptographically strong random numbers (for example, by supporting the window.crypto.getRandomValues() method) there is no good way to generate anti-forgery tokens in JavaScript. So, at least right now, the best solution for generating the tokens is the server-side solution with the (regrettable) dependency on razor.

    Conclusion

    The goal of this blog entry was to explore some ways in which you need to handle security differently in the case of a Single Page App than in the case of a traditional server app. In particular, I focused on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks in the case of a Single Page App.

    I want to emphasize that I am not suggesting that Single Page Apps are inherently less secure than server-side apps. Whatever type of web application you build, regardless of whether it is a Single Page App, an ASP.NET MVC app, an ASP.NET Web Forms app, or a Rails app, you must constantly guard against security vulnerabilities.

    Read the article
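The article above notes that Knockout's attr binding will bind a javascript: URL to an href unchanged. The block below is an added example, not code from the article or from Knockout: a scheme allowlist applied before a value reaches the href attribute. The names safeHref, ALLOWED_SCHEMES, FALLBACK_HREF, DEFAULT_BASE and the safeHref binding are assumptions made for this example, and the sample inputs are constructed.

```javascript
// Added example: allowlist the URL scheme before binding a value to href.
// All names below are chosen for this example; none are Knockout APIs
// except ko.bindingHandlers and ko.utils.unwrapObservable.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const FALLBACK_HREF = "#";
// Placeholder base used to resolve relative URLs when no page URL is given.
const DEFAULT_BASE = "https://app.example/";

function safeHref(value, base) {
  if (typeof value !== "string" || value.trim() === "") {
    return FALLBACK_HREF;
  }
  let parsed;
  try {
    // The WHATWG URL parser normalises the value the way a browser does
    // before navigating: surrounding control characters and spaces are
    // stripped, embedded tabs and newlines are removed, and the scheme is
    // lowercased. Checking parsed.protocol therefore sees what the browser
    // would see, which a startsWith("javascript:") test on the raw string
    // does not.
    parsed = new URL(value, base || DEFAULT_BASE);
  } catch (e) {
    return FALLBACK_HREF; // unparseable input is never bound
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : FALLBACK_HREF;
}

// Browser only: a custom binding to use in place of attr:{href: ...}, e.g.
//   <a data-bind="safeHref: homePageUrl">Go</a>
if (typeof ko !== "undefined") {
  ko.bindingHandlers.safeHref = {
    update: function (element, valueAccessor) {
      const raw = ko.utils.unwrapObservable(valueAccessor());
      element.setAttribute("href", safeHref(raw, document.baseURI));
    }
  };
}

// Constructed sample values: the article's value, the same value with
// different casing and with an embedded tab, and some legitimate links.
const SAMPLE_VALUES = [
  "javascript:alert('evil!')",
  " JaVaScRiPt:alert('evil!')",
  "java\tscript:alert('evil!')",
  "data:text/html,<b>x</b>",
  "https://majorbank.example/home",
  "/account",
  "mailto:help@majorbank.example"
];

function checkSamples() {
  return SAMPLE_VALUES.map(function (v) {
    return { input: v, href: safeHref(v) };
  });
}
```

The allowlist is deliberately short; a scheme that is not listed is rejected rather than inspected.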
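The article passes the anti-forgery token as a header on one hand-written $.ajax call and relies on that header never reaching another site. The block below is an added example, not the article's code: it decides centrally which requests get the header, so state-changing same-origin calls always carry it and cross-origin calls never do. csrfHeadersFor, isSameOrigin and the majorbank.example and hackers.example URLs in the test are assumptions for this example; $.ajaxPrefilter and jqXHR.setRequestHeader are jQuery's own API.

```javascript
// Added example: attach the anti-forgery header only where it belongs.
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);
// Header and hidden-field name used in the article.
const TOKEN_HEADER = "__RequestVerificationToken";

// True when url, resolved against the current page, has the page's origin
// (scheme, host and port all equal).
function isSameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparseable target: treat as foreign
  }
}

// Returns the headers to add for one request. Empty when the request is a
// safe method, targets another origin, or no token is available.
function csrfHeadersFor(method, url, pageUrl, token) {
  const verb = String(method || "GET").toUpperCase();
  if (!token || !UNSAFE_METHODS.has(verb) || !isSameOrigin(url, pageUrl)) {
    return {};
  }
  const headers = {};
  headers[TOKEN_HEADER] = token;
  return headers;
}

// Browser only: apply the decision to every jQuery Ajax request, so
// individual calls no longer set the header by hand.
if (typeof jQuery !== "undefined") {
  jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
    const token = jQuery("input[name='" + TOKEN_HEADER + "']").val();
    const headers = csrfHeadersFor(
      options.type, options.url, window.location.href, token);
    Object.keys(headers).forEach(function (name) {
      jqXHR.setRequestHeader(name, headers[name]);
    });
  });
}
```

A request that receives no header is then rejected by the server-side filter, which is the failure mode you want for anything the prefilter did not recognise as same-origin.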

  • MVC 2 Entity Framework View Model Insert

    - by cannibalcorpse
    This is driving me crazy. Hopefully my question makes sense...

    I'm using MVC 2 and Entity Framework 1 and am trying to insert a new record with two navigation properties. I have a SQL table, Categories, that has a lookup table CategoryTypes and another self-referencing lookup CategoryParent. EF makes two nav properties on my Category model, one called Parent and another called CategoryType, both instances of their respective models.

    On my view that creates the new Category, I have two dropdowns, one for the CategoryType and another for the ParentCategory. When I try and insert the new Category WITHOUT the ParentCategory, which allows nulls, everything is fine. As soon as I add the ParentCategory, the insert fails, and oddly (or so I think) complains about the CategoryType in the form of this error:

        0 related 'CategoryTypes' were found. 1 'CategoryTypes' is expected.

    When I step through, I can verify that both ID properties coming in on the action method parameter are correct. I can also verify that when I go to the db to get the CategoryType and ParentCategory with the IDs, the records are being pulled fine. Yet it fails on SaveChanges(). All that I can see is that my CategoryParent dropdownlistfor in my view is somehow causing the insert to bomb. Please see my comments in my httpPost Create action method.

    My view model looks like this:

        public class EditModel
        {
            public Category MainCategory { get; set; }
            public IEnumerable<CategoryType> CategoryTypesList { get; set; }
            public IEnumerable<Category> ParentCategoriesList { get; set; }
        }

    My Create action methods look like this:

        // GET: /Categories/Create
        public ActionResult Create()
        {
            return View(new EditModel()
            {
                CategoryTypesList = _db.CategoryTypeSet.ToList(),
                ParentCategoriesList = _db.CategorySet.ToList()
            });
        }

        // POST: /Categories/Create
        [HttpPost]
        public ActionResult Create(Category mainCategory)
        {
            if (!ModelState.IsValid)
                return View(new EditModel()
                {
                    MainCategory = mainCategory,
                    CategoryTypesList = _db.CategoryTypeSet.ToList(),
                    ParentCategoriesList = _db.CategorySet.ToList()
                });

            mainCategory.CategoryType = _db.CategoryTypeSet.First(ct => ct.Id == mainCategory.CategoryType.Id);

            // This db call DOES get the correct Category, but fails on _db.SaveChanges().
            // Oddly the error is related to CategoryTypes and not Category.
            // Entities in 'DbEntities.CategorySet' participate in the 'FK_Categories_CategoryTypes' relationship.
            // 0 related 'CategoryTypes' were found. 1 'CategoryTypes' is expected.
            //mainCategory.Parent = _db.CategorySet.First(c => c.Id == mainCategory.Parent.Id);

            // If I just use the literal ID of the same Category,
            // AND comment out the CategoryParent dropdownlistfor in the view, all is fine.
            mainCategory.Parent = _db.CategorySet.First(c => c.Id == 2);

            _db.AddToCategorySet(mainCategory);
            _db.SaveChanges();
            return RedirectToAction("Index");
        }

    Here is my Create form on the view:

        <% using (Html.BeginForm()) {%>
            <%= Html.ValidationSummary(true) %>
            <fieldset>
                <legend>Fields</legend>
                <div>
                    <%= Html.LabelFor(model => model.MainCategory.Parent.Id) %>
                    <%= Html.DropDownListFor(model => model.MainCategory.Parent.Id, new SelectList(Model.ParentCategoriesList, "Id", "Name")) %>
                    <%= Html.ValidationMessageFor(model => model.MainCategory.Parent.Id) %>
                </div>
                <div>
                    <%= Html.LabelFor(model => model.MainCategory.CategoryType.Id) %>
                    <%= Html.DropDownListFor(model => model.MainCategory.CategoryType.Id, new SelectList(Model.CategoryTypesList, "Id", "Name"))%>
                    <%= Html.ValidationMessageFor(model => model.MainCategory.CategoryType.Id)%>
                </div>
                <div>
                    <%= Html.LabelFor(model => model.MainCategory.Name) %>
                    <%= Html.TextBoxFor(model => model.MainCategory.Name)%>
                    <%= Html.ValidationMessageFor(model => model.MainCategory.Name)%>
                </div>
                <div>
                    <%= Html.LabelFor(model => model.MainCategory.Description)%>
                    <%= Html.TextAreaFor(model => model.MainCategory.Description)%>
                    <%= Html.ValidationMessageFor(model => model.MainCategory.Description)%>
                </div>
                <div>
                    <%= Html.LabelFor(model => model.MainCategory.SeoName)%>
                    <%= Html.TextBoxFor(model => model.MainCategory.SeoName, new { @class = "large" })%>
                    <%= Html.ValidationMessageFor(model => model.MainCategory.SeoName)%>
                </div>
                <div>
                    <%= Html.LabelFor(model => model.MainCategory.HasHomepage)%>
                    <%= Html.CheckBoxFor(model => model.MainCategory.HasHomepage)%>
                    <%= Html.ValidationMessageFor(model => model.MainCategory.HasHomepage)%>
                </div>
                <p><input type="submit" value="Create" /></p>
            </fieldset>
        <% } %>

    Maybe I've just been staying up too late playing with MVC 2? :) Please let me know if I'm not being clear enough.

    Read the article

  • DRY Validation with MVC2

    - by Matthew
    Hi All,

    I'm trying to figure out how I can define validation rules for my domain objects in one single location within my application but have run into a snag...

    Some background: My location has several parts:

    - Database
    - DAL
    - Business Logic Layer
    - SOAP API Layer
    - MVC website

    The MVC website accesses the database via the SOAP API, just as third parties would. We are using server and client side validation on the MVC website as well as in the SOAP API Layer. To avoid having to manually write client side validation we are implementing strongly typed views in conjunction with the Html.TextBoxFor and Html.ValidationMessageFor HTML helpers, as shown in Step 3 here. We also create custom models for each form where one form takes input for multiple domain objects.

    This is where the problem begins: the HTML helpers read from the model for the data annotation validation attributes. In most cases our forms deal with multiple domain objects and you can't specify more than one type in the <%@Page ... Inherits="System.Web.Mvc.ViewPage" %> page directive. So we are forced to create a custom model class, which would mean duplicating validation attributes from the domain objects on to the model class.

    I've spent quite some time looking for workarounds to this, such as referencing the same MetadataType from both the domain class and the custom MVC models, but that won't work for several reasons:

    - You can only specify one MetadataType attribute per class, so it's a problem if a model references multiple domain objects, each with their own metadata type.
    - The data annotation validation code throws an exception if the model class doesn't contain a property that is specified in the referenced MetadataType, which is a problem when the model only deals with a subset of the properties for a given domain object.

    I've looked at other solutions as well but to no avail. If anyone has any ideas on how to achieve a single source for validation logic that would work across MVC client and server side validation functionality and other locations (such as my SOAP API) I would love to hear it!

    Thanks in advance,
    Matthew

    Read the article

  • ASP.NET MVC2 JQuery datepicker errors

    - by Andy Evans
    I'm having the "Microsoft JScript runtime error: Object doesn't support this property or method" error when calling the datepicker function on a textbox generated from my data model.

    In the head section I have:

        <link href="../../Content/Site.css" rel="stylesheet" type="text/css" />
        <script src="../../Scripts/jquery-1.4.1.min.js" type="text/javascript"></script>
        <script src="../../Scripts/MicrosoftAjax.js" type="text/javascript"></script>
        <script src="../../Scripts/MicrosoftMvcValidation.js" type="text/javascript"></script>
        <script type="text/javascript">
            $(document).ready(function () {
                $('#dob').datepicker();
            });
        </script>

    and in the body section I have:

        <% Html.EnableClientValidation(); %>
        <% using (Html.BeginForm()) { %>
        ...
        <tr>
            <td class="label">Date of Birth:</td>
            <td><%: Html.TextBoxFor(model => model.dob, new { @class = "inputtext" })%></td>
            <td><%: Html.ValidationMessageFor(model => model.dob) %></td>
        </tr>
        ...
        <% } %>

    Do I have something in the wrong place? Again, you folks are a great help and assistance would be greatly appreciated.

    Read the article
