Issue with HTML symbols in MVC Password Inputs (.NET Bug??) - asp.net-mvc

Had a user include a "<" in their password. This of course isn't allowed and was causing a Post-Back crash. What threw me was "<" was allowed in other input boxes on my site.
Traced the problem down to the fact that it was because the Password box was being treated like a Password box using DataType.Password. If I commented out that DataType attribute, it works (but of course displays the password on the screen as I'm typing).
Doing some research and testing, I found 2 possible solutions, but I can't tell the difference between the two other than that Method #2 breaks the UI style and looks ugly.
Method #1 ... Modify the Model...
[Required]
[Display(Name = "Password")]
[AllowHtml]
[DataType(DataType.Password)]
public string UserPassword { get; set; }
@Html.EditorFor(model => model.UserPassword ....
This option makes me nervous because I really don't want to allow HTML code in any of my inputs.
Method #2 ... Modify the View
[Required]
[Display(Name = "Password")]
public string UserPassword { get; set; }
@Html.PasswordFor(model => model.UserPassword ....
This makes me nervous because I'm relying on any views that display this model to have been done correctly and not present the password in plain text.
So my questions are:
Why does MVC\Razor seem to handle HTML just fine for a normal text box but choke when you flag it as a Password DataType?
Which of the two methods is the best practice and safest? (Is there a 3rd option?)
Thanks
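One way to keep Method #1 narrow, shown as an added example that is not part of the original post: `[AllowHtml]` lifts request validation for the password property only, and the action hashes the value so the raw string is never written into a page. The names RegisterViewModel, AccountController and Hashes are assumptions; Crypto.HashPassword comes from System.Web.Helpers.

```csharp
using System.Collections.Concurrent;
using System.ComponentModel.DataAnnotations;
using System.Web.Helpers;   // Crypto.HashPassword
using System.Web.Mvc;       // AllowHtml, Controller

public class RegisterViewModel                 // hypothetical model name
{
    [Required]
    public string UserName { get; set; }       // request validation still applies here

    [Required]
    [Display(Name = "Password")]
    [AllowHtml]                     // lifts request validation for this property only
    [DataType(DataType.Password)]   // EditorFor picks the password template
    public string UserPassword { get; set; }
}

public class AccountController : Controller    // hypothetical controller
{
    // Stand-in for the application's user store: user name -> password hash.
    private static readonly ConcurrentDictionary<string, string> Hashes =
        new ConcurrentDictionary<string, string>();

    [HttpPost]
    public ActionResult Register(RegisterViewModel model)
    {
        // Copy the secret out and clear it, so the model handed to a view
        // no longer carries the raw password.
        string password = model.UserPassword;
        model.UserPassword = null;

        if (!ModelState.IsValid)
            return View(model);

        // Only the salted hash is kept; the raw string is not stored or displayed.
        Hashes[model.UserName] = Crypto.HashPassword(password);
        return RedirectToAction("Index", "Home");
    }
}
```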

Related

Is it possible to make input as password in Acumatica

In a configuration screen I need to store passwords. I also want to make them invisible to others (displayed as stars). How should I mark the DAC class text field and/or modify the PXTextEdit control in order to get this functionality?
I found the answer to my question:
<px:PXTextEdit ID="edPassword" runat="server" DataField="Password" TextMode="Password" />
I want to extend my answer with another part. For now it's also possible to add the attribute PXRSACryptString. For example, like this:
[PXUIField(DisplayName = "Password")]
[PXRSACryptString(512, IsUnicode = true)]
public virtual string SPassword { get; set; }

Custom Validation on Multiple Inputs in ASP.net MVC

After researching various methods to implement custom form validation rules in MVC I have found, what I originally considered to be a straightforward bit of validation, to be rather more complex than I anticipated.
I have 2 text inputs, one or the other (or both) need to be populated. If both are NullOrEmpty we need to throw an error.
I have found DataAnnotations to have its limitations when attempting to validate on multiple fields, giving me highlighting on both inputs and throwing a single error. Is this some beginner's naivety?
I also played around with FluentValidation and was unable to get the results I was after.
Currently I am throwing the error in the Controller using:
ModelState.AddModelError("PropertyName", "You need to enter a Property Number or a Property Name")
ModelState.AddModelError("PropertyNumber", String.Empty)
This gives me highlighting on both fields and server-side validation. I am now finding it difficult binding custom client-side validation without using DataAnnotations.
Does anyone have any advice on how to do this properly? Any help or suggestions would be greatly appreciated. I need validation on the server/client, on both fields, with highlighting and a single error message.
Thanks in advance.
The Fool proof validation library covers almost all kinds of validation scenarios.
[RequiredIf]
[RequiredIfNot]
[RequiredIfTrue]
[RequiredIfFalse]
[RequiredIfEmpty]
[RequiredIfNotEmpty]
[RequiredIfRegExMatch]
[RequiredIfNotRegExMatch]
Applied to a Model:
public class CreateUserViewModel
{
    [Required]
    public string Username { get; set; }
    [Required]
    public string Department { get; set; }
    [RequiredIfEmpty(ErrorMessage="error message")]
    public string Role { get; set; }
}

Different validation on insert and edit

I'm using DataAnnotation for validation and I need to disable it in some cases.
For example, on create I need the user to insert a password and confirmation, but for edit it can stay empty and not changed.
I have this model:
[Required]
[DataType(DataType.Password)]
public string Password { get; set; }
[DisplayName("Re-enter Password")]
[Compare("Password", ErrorMessage = "The password and confirmation do not match.")]
public string PasswordControl { get; set; }
It would be enough to disable required on password on edit.
AFAIK, there are two ways; either will work.
1. Use a different model for edit and insert. I prefer and use this one in my application. It's easy and future-proof (edit and insert models and rules may be quite different).
2. Customize a ValidationAttribute and override the IsValid method. Use some context such as an IsEdit field of your model. It can be used since MVC3. See the "Model Validation Improvements" part of this article: http://weblogs.asp.net/scottgu/archive/2010/07/27/introducing-asp-net-mvc-3-preview-1.aspx

Client Side Validation on Nested models in ASP.Net MVC

I'm trying to create a MVC model validation attribute that fills in the following situation:
I have created several models (Birthday and PhoneNumber being excellent examples) that are submitted over multiple input fields on the view (month, day, year; areacode, exchange, suffix).
public class PhoneNumber
{
    [RegularExpression("^([2-9][0-8][0-9])$", ErrorMessage = "Invalid Area Code")]
    public virtual string AreaCode { get; set; }
    [RegularExpression("^([2-9][0-9][0-9])$", ErrorMessage = "Invalid Phone Exchange")]
    public virtual string Exchange { get; set; }
    [RegularExpression("^([0-9][0-9][0-9][0-9])$", ErrorMessage = "Invalid Phone Suffix")]
    public virtual string Suffix { get; set; }
}
I often nest these models inside other models (Person has a PhoneNumber and a Birthday, for example). Sometimes, in my views, a PhoneNumber is required, and sometimes it isn't.
I can handle these situations on the server side by implementing the class as an IValidatableObject, but I run into trouble if I want to do client side validation, or even just do server side validation via attributes.
I imagine I will have to build my own custom validation attribute but I'm not even sure where to start in accessing object and attribute information on multiple levels. Has anyone encountered anything like this? Any good ideas for pointing me in the right direction?
Thanks in advance!
--------Update------
By using IClientValidatable, and GetClientValidationRules, I have access to the ModelMetadata and can get the type of the container. The problem is that the container is birthday or phone number, not the type of the top level model, which is what is most important here. The ModelMetadata hasn't populated the Model property yet because one may not exist yet. What I'm really trying to do is get the type of the top level model. Anyone have any insight?
Depending on how you are writing your view, I think you may want to look at an extension called BeginCollectionItem http://nuget.org/packages/BeginCollectionItem
Validation gets a little messed up if you are doing
@Html.TextBoxFor( m => number.AreaCode )
instead of
@Html.TextBoxFor( m => m.AreaCode )

Having password field optional only when editing

I'm new to ASP.NET MVC, and I have this issue.
So, my model has a password attribute. When creating, it should be required, but when editing it should be optional, so you only change the password if you want to. But I don't know how to let it be optional if I mark it with required in the model. What should I do?
Is the best solution to have a different view for changing the password?
I appreciate your help, thanks!
[Required]
[ValidatePasswordLength]
[DataType(DataType.Password)]
[Display(Name = "Password")]
public string Password { get; set; }
Either create a separate view model, or in your controller code check if it's there; if not, use ModelState.AddModelError("fieldName", "Password is required")
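The separate-view-model option suggested in the answers here and under "Different validation on insert and edit", as an added example that is not from the original posts: the create model requires the password and the edit model does not, so the rule is fixed by the action's parameter type rather than by a flag posted with the form. All type, action and store names are assumptions; Crypto.HashPassword comes from System.Web.Helpers, and CompareAttribute is fully qualified (.NET 4.5 or later) because System.Web.Mvc defines one with the same name.

```csharp
using System.Collections.Concurrent;
using System.ComponentModel.DataAnnotations;
using System.Web.Helpers;   // Crypto.HashPassword
using System.Web.Mvc;

public class CreateUserViewModel            // hypothetical: bound only by Create
{
    [Required] public string UserName { get; set; }
    [Required, DataType(DataType.Password)]
    public string Password { get; set; }
    [System.ComponentModel.DataAnnotations.Compare("Password",
        ErrorMessage = "The password and confirmation do not match.")]
    public string PasswordControl { get; set; }
}

public class EditUserViewModel              // hypothetical: bound only by Edit
{
    [Required] public string UserName { get; set; }
    [DataType(DataType.Password)]           // no [Required]: empty means "keep current"
    public string Password { get; set; }
    [System.ComponentModel.DataAnnotations.Compare("Password",
        ErrorMessage = "The password and confirmation do not match.")]
    public string PasswordControl { get; set; }
}

public class UsersController : Controller   // hypothetical controller
{
    // Stand-in for the application's user store: user name -> password hash.
    private static readonly ConcurrentDictionary<string, string> Hashes =
        new ConcurrentDictionary<string, string>();

    [HttpPost]
    public ActionResult Create(CreateUserViewModel model)
    {
        if (!ModelState.IsValid) return View(model);
        Hashes[model.UserName] = Crypto.HashPassword(model.Password);
        return RedirectToAction("Index");
    }

    // Authorization (who may edit which account) is assumed to be enforced elsewhere.
    [HttpPost]
    public ActionResult Edit(EditUserViewModel model)
    {
        if (!ModelState.IsValid) return View(model);
        if (!string.IsNullOrEmpty(model.Password))   // change only when a new one was typed
            Hashes[model.UserName] = Crypto.HashPassword(model.Password);
        return RedirectToAction("Index");
    }
}
```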
