I have a ASP.NET MVC app running with Forms Authenticated enabled.
In my own machine and browser (Edge,IE,chrome), I am able to login in my website.
It works for other users as well. But, for some users, they are not able to login to the home page of the website and it is going to 404 page not found error....
I am sharing my code behind..
Login action method
[HttpPost]
[AllowAnonymous]
public ActionResult LoginUser(LoginUser login)
{
if (ModelState.IsValid)
{
if(AuthenticateUserAD(login) != "")
{
FormsAuthentication.SetAuthCookie(login.UserName, login.RememberMe);
if (login.RememberMe)
{
HttpCookie cookie = new HttpCookie("Login");
cookie.Values.Add("UserName", login.UserName);
cookie.Values.Add("Password", login.Password);
cookie.Expires = DateTime.Now.AddDays(10);
Response.Cookies.Add(cookie);
}
ViewBag.IsLoginValid = "Valid";
return RedirectToAction("Index", "Service");
}
else
{
ViewBag.Invalid = Session["error"].ToString();
ViewBag.IsLoginValid = "Invalid";
return View("LoginUser");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect");
}
return View(login);
}
LoginUser.cshtml
#using (Html.BeginForm("LoginUser", null, FormMethod.Post))
{
<div class="row mt-5">
<div class="col-6 col-sm-6 offset-3 bodyColor" style="border-radius: 25px;">
<div class="col-8 col-sm-8 offset-2">
<div style="max-width: 400px;">
<div class="text-center section-title">
<h2>Login</h2>
</div>
#Html.LabelFor(model => model.UserName)
<div class="input-group form-group">
<div class="input-group-prepend">
<span class="input-group-text date-Textbox"><i class="fa fa-user"></i></span>
</div>
#Html.TextBoxFor(model => model.UserName, new { #class = "form-control textbox-font" })
#Html.ValidationMessageFor(model => model.UserName, "", new { #class = "textRed" })
</div>
#Html.LabelFor(model => model.Password)
<div class="input-group form-group">
<div class="input-group-prepend">
<span class="input-group-text date-Textbox"><i class="fa fa-lock"></i></span>
</div>
#Html.TextBoxFor(model => model.Password, new { #class = "form-control textbox-font", type = "password" })
#Html.ValidationMessageFor(model => model.Password, "", new { #class = "textRed" })
</div>
#Html.CheckBoxFor(model => model.RememberMe)
#Html.LabelFor(model => model.RememberMe)
<input type="hidden" name="ReturnUrl" value="#Request.QueryString["ReturnUrl"]" />
<div class="col-sm-12 col-xs-12">
<input type="submit" value="Login" id="btnLogin" style="width:100%;" autofocus class="btn btn-main-custom" />
</div>
</div>
</div>
}
I really do not know whether this is a browser problem or a development problem or cookies problem.
Appreciate any help, Could anyone find a solution or a workaround?
Thanks
Related
Am trying to click save button to update what I have in text editor using ckeditor but I got this error
A potentially dangerous Request.Form value was detected from the client (OPTION_VALUE="Welcome to the Na...").
The controller is shown below
Controller
public ActionResult EditRegistrationGuideline(long id)
{
OPTIONS options = _optionsService.GetOption(id);
return View(options);
}
//
// POST: /Product/Edit/5
[HttpPost]
public ActionResult EditRegistrationGuideline(long id, OPTIONS options)
{
try
{
// TODO: Add update logic here
if (ModelState.IsValid)
{
options.OPTION_ID = id;
options.ACTION_STATUS = 0;
options.CREATED_DATE = DateTime.Now;
_optionsService.AddOption(options);
return RedirectToAction("Index");
}
}
catch
{
//return View();
ModelState.AddModelError("", "We cannot edit this Option. Verify your data entries !");
}
return View();
}
and the view is here
View
#{
//ViewBag.Title = "CreateRegistrationGuideline";
}
<div class="content-header clearfix">
<h1 class="pull-left">
<i class="fa fa-plus"> </i> Edit Registration Guideline
</h1>
<div class="col-xs-3 pull-right">
<input type="button" class="btn btn-block btn-warning" value="Back" onclick="location.href='#Url.Action("IndexRegistrationGuideline", "Options")'" />
</div>
<div class=" box box-body box-primary">
#using (Html.BeginForm("EditRegistrationGuideline", "Options", FormMethod.Post, new { #class = "form-horizontal", #enctype = "multipart/form-data" }))
{
#Html.AntiForgeryToken()
<div class="form-horizontal">
#*<h4>OPTIONS</h4>
<hr />*#
#*#Html.ValidationSummary(true)*#
#Html.ValidationSummary(false, null, new { #class = "text-danger" })
<div class="row .col">
<div style="margin-top:20px" class="mainbox col-md-12 col-md-offset-0 col-sm-8 col-sm-offset-2">
<div class="panel panel-info">
<div class="panel-heading">
<div class="panel-title">Edit Option</div>
</div>
<div class="panel-body">
#*<div class="form-group">
#Html.LabelFor(model => model.OPTION_NAME, new { #class = "control-label col-md-2" })
<div class="col-md-10">*#
#*#Html.LabelFor(model => model.OPTION_NAME, new { #class = "control-label col-md-2" })
<div class="col-md-10">*#
#*#Html.EditorFor(model => model.OPTION_NAME)*#
#*#Html.HiddenFor(model => model.faculty_activation_date, new { #Value = System.DateTime.Now })*#
#Html.HiddenFor(model => model.OPTION_NAME)
#Html.ValidationMessageFor(model => model.OPTION_NAME)
<div class="form-group">
#*#Html.LabelFor(model => model.OPTION_VALUE, new { #class = "control-label col-md-2" })*#
<div class="col-md-10">
#Html.LabelFor(model => model.OPTION_VALUE, "Option Value")
#*<textarea class="form-control" placeholder="Enter Option Value" name="OPTION_VALUE" id="editor1"></textarea>*#
#Html.TextAreaFor(model => model.OPTION_VALUE, new { #class = "form-control", #id = "editor1" })
#Html.ValidationMessageFor(model => model.OPTION_VALUE, "", new { #class = "text-danger" })
</div>
</div>
#*<div>
#Html.LabelFor(model => model.OPTION_VALUE, "Option Value")
#Html.TextAreaFor(model => model.OPTION_VALUE, new { #type = "textarea", #id="editor1", #class = "form-control", #placeholder = "Enter Option Value", #autocomplete = "on" })
#Html.ValidationMessageFor(model => model.OPTION_VALUE, null, new { #class = "text-danger" })
</div>*#
#*<div class="form-group">
#Html.LabelFor(model => model.ACTION_STATUS, new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.ACTION_STATUS)
#Html.ValidationMessageFor(model => model.ACTION_STATUS)
</div>
</div>*#
</div>
<div class="panel-footer">
<div class="panel-title">
<div class="form-actions no-color">
<input type="submit" value="Save" class="btn btn-success" />
</div>
</div>
</div>
</div>
</div>
</div>
</div>
}
#*<div>
#Html.ActionLink("Back to List", "Index")
</div>*#
#section Scripts {
#Scripts.Render("~/bundles/jqueryval")
<script src="~/Scripts/jquery-3.1.1.min.js"></script>
<script src="~/Scripts/jquery.validate.min.js"></script>
<script src="~/Scripts/jquery.validate.unobtrusive.min.js"></script>
<script src="https://cdn.ckeditor.com/4.5.7/standard/ckeditor.js"></script>
<script>
$(function () {
CKEDITOR.replace('editor1');
});
</script>
}
Please what do I do.
I use CKEDITOR
XSS error ("A potentially dangerous Request.Form value was detected from the client(...)").
Solution:
[ValidateInput(false)]
Differnce b/w them
AllowHtml:
The AllowHtml attribute can be applied to a Model property and it will disable the validation by ASP.Net MVC only for that particular property
Advantages
The AllowHtml attribute is developed for Model class.
The Scope is limited to specific property of the Model class.
It is the safe and recommended solution.
ValidateInput
The ValidateInput attribute can be applied to a Controller’s Action method and it will disable the validation by ASP.Net MVC only for that particular Action method.
Advantages
The Scope is limited to specific Action method of the Controller class.
If you have multiple properties accepting HTML content, then this method will reduce redundancy.
When Model class is not used for designing Form elements then this attribute is needed.For complete details Link
Just place ValidateInput(false) attribute on controller's action.
[HttpPost]
[ValidateInput(false)]
public ActionResult EditRegistrationGuideline(long id, OPTIONS options)
The other option is to place [AllowHtml] attribute on Model Property, have a look on SO post to get difference between them
ValidateInput(false) vs AllowHtml
I was experiencing a similar issue with the following error message A potentially dangerous Request.Form value was detected from the client.
As an alternative to the previous answers, I found encoding the value passed back to the controller worked. CKEditor allows you to do this by setting the config config.htmlEncodeOutput = true;.
The documentation for this can be found at: https://docs-old.ckeditor.com/ckeditor_api/symbols/CKEDITOR.config.html#.htmlEncodeOutput
I got this error while testing XSS on my site.
This is a very good feature that the model gives us that prevents XSS, CSRF from penetrating your site.
Do not disable it as much as possible.
I'm using the default web application mvc project, and i'm trying to login/register from modal:
So i made a new model containing the models for login and register
public class LogInRegisterViewModel
{
public LoginViewModel login { get; set; }
public RegisterViewModel register { get; set; }
}
then in my layout page i provide that model along with the partial view for the login/register:
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
#if (User.Identity.IsAuthenticated)
{
<li>#Html.ActionLink("MyUploads", "Index", "Tutorials")</li>
<li>#Html.ActionLink("Upload", "Create", "Tutorials")</li>
}
</ul>
#Html.Partial("_LoginPartial",model) #*model = new LogInRegisterViewModel()*#
</div>
the html code for the modal is in my _LoginPartial view(maybe this is my mistake?), and the login and register forms(copied from the Account controller):
<div class="modal fade" id="myModal" tabindex="-1" role="dialog">
<div class="modal-dialog" role="document">
<div class="modal-content mc">
<div class="modal-body">
<div class="row">
<div class="col-md-6 login-modal">
<section id="loginForm">
#using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { #class = "form-horizontal", role = "form" }))
{
#Html.AntiForgeryToken()
<h4>Use a local account to log in.</h4>
<hr />
#Html.ValidationSummary(true, "", new { #class = "text-danger" })
<div class="form-group">
<div>
<h5 class="user-name login-labels"><i class="fa fa-user" aria-hidden="true"></i> User Name</h5>
</div>
<div class="col-md-8 login-input">
#Html.TextBoxFor(m => m.login.UserName, new { #class = "form-control" })
#Html.ValidationMessageFor(m => m.login.UserName, "", new { #class = "text-danger" })
</div>
</div>
<div class="form-group">
<h5 class="user-password login-labels"><i class="fa fa-lock" aria-hidden="true"></i> Password</h5>
<div class="col-md-8 login-input">
#Html.PasswordFor(m => m.login.Password, new { #class = "form-control" })
#Html.ValidationMessageFor(m => m.login.Password, "", new { #class = "text-danger" })
</div>
</div>
<div class="form-group">
<div class="col-md-10 login-btn">
<input type="submit" value="Log in" class="btn btn-primary" />
</div>
</div>
#* Enable this once you have account confirmation enabled for password reset functionality
<p>
#Html.ActionLink("Forgot your password?", "ForgotPassword")
</p>*#
}
</section>
</div>
<div class="col-md-6">
#using (Html.BeginForm("Register", "Account", FormMethod.Post, new { #class = "form-horizontal", role = "form" }))
{
#Html.AntiForgeryToken()
<h4>Create a new account.</h4>
<hr />
#Html.ValidationSummary("", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(m => m.register.FirstName, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.register.FirstName, new { #class = "form-control" })
</div>
</div>
<div class="form-group">
#Html.LabelFor(m => m.register.LastName, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.register.LastName, new { #class = "form-control" })
</div>
</div>
<div class="form-group">
#Html.LabelFor(m => m.register.ProfileAvatar, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.register.ProfileAvatar, new { #class = "form-control" })
</div>
</div>
<div class="form-group">
#Html.LabelFor(m => m.register.Email, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.register.Email, new { #class = "form-control" })
</div>
</div>
<div class="form-group">
#Html.LabelFor(m => m.register.Password, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.PasswordFor(m => m.register.Password, new { #class = "form-control" })
</div>
</div>
<div class="form-group">
#Html.LabelFor(m => m.register.ConfirmPassword, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.PasswordFor(m => m.register.ConfirmPassword, new { #class = "form-control" })
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" class="btn btn-default" value="Register" />
</div>
</div>
}
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>
</div><!-- /.modal-content -->
</div><!-- /.modal-dialog -->
</div><!-- /.modal -->
</div>
and now if you click on log in button without providing username and password, the page will redirect me to Account/Login, same thing for the register.
So how can i fix this so the validation errors popup on the modal and not to be redirected to Account controller?
Thanks in advance for any help.
Ensure first of all you have included the scripts to actually validate the form:
<script src=".../Scripts/jquery.validate.js"></script>
<script src=".../Scripts/jquery.validate.unobtrusive.js"></script>
For client side validation include jquery validation bundle in your view or layout.
#section scripts
{
#Scripts.Render("~/bundles/jqueryval")
}
Also, you can use Ajax.BeginForm() helper instead of Html.BeginForm to implement your registration and login form.
I am using MVC validation to check if use name and password exit in database or not. ModelState.IsValid is true always even when I did not find any matching user.
if (objModel != null)
{
if (ModelState.IsValid && Membership.ValidateUser(objUsersModel.UserName, objUsersModel.Password))
{
Profile.Initialize(objUsersModel.UserName.Trim(), true);
FormsAuthentication.SetAuthCookie(objUsersModel.UserName, false);
return RedirectToAction("Index", "Home");
}
}
How can I set this to false and set the values for error message in mvc view. Here is my MVC view .
<form role="form">
<div class="form-group">
<label for="exampleInputEmail1">User Name </label>
<i class="fa fa-user"></i>
#Html.TextBoxFor(m => m.UserName, new { maxlength = 50, #class = "form-control" })
#Html.ValidationMessageFor(u => u.UserName)
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<i class="fa fa-lock"></i>
#Html.PasswordFor(m => m.Password, new { maxlength = 50, #class = "form-control" })
#Html.ValidationMessageFor(u => u.Password)
</div>
<div class="form-actions">
<label class="checkbox"> <input type="checkbox" class="uniform" value=""> Remember me</label>
<button type="submit" class="btn btn-danger">Submit</button>
</div>
</form>
You need to add a ModelState error and return the view if the user name and password are not valid
if (!ModelState.IsValid)
{
return View(yourModel);
}
if (!Membership.ValidateUser(objUsersModel.UserName, objUsersModel.Password)
{
ModelState.AddModelError(string.Empty, "The user name or password is incorrect");
return View(yourModel);
}
....
return RedirectToAction("Index", "Home");
and in the view, include
#Html.ValidationSummary(true)
to display the message
I have a contact form in a Twitter Bootstrap Modal and if the user happens to not enter a name or email address and hits submit I want to return to the Modal instead of just closing the Modal. Also if the form is valid I would like to let the user know that an we will be contacting them shortly in the same modal. Is this possible?
Here is my controler.
[HttpPost]
public ActionResult Index(Contact model)
{
ViewBag.IsValid = false;
ViewBag.CaptchaError = "";
RecaptchaVerificationHelper recaptchaHelper = this.GetRecaptchaVerificationHelper();
if (String.IsNullOrEmpty(recaptchaHelper.Response))
{
ViewBag.CaptchaError = "The Captcha cannot be empty";
return View();
}
RecaptchaVerificationResult recaptchaResult = recaptchaHelper.VerifyRecaptchaResponse();
if (recaptchaResult != RecaptchaVerificationResult.Success)
{
ViewBag.CaptchaError = "The Captcha was incorrect";
return View();
}
if (ModelState.IsValid)
{
SendSupportEmail(model);
ViewBag.isValid = true;
}
return View();
}
Here is my view with the Modal
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content col-md-12">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title" id="myModalLabel">Contact Us</h4>
</div>
<center>
<div class="modal-body">
#using (Html.BeginForm())
{
if ((bool)ViewBag.IsValid)
{
}
else
{
#Html.AntiForgeryToken()
<div class="form-horizontal">
<div class="form-group">
<div class="col-md-12">
#Html.TextBoxFor(model => model.Name, new { #class = "form-control", placeholder = "Name" })
#Html.ValidationMessageFor(model => model.Name)
</div>
</div>
<div class="form-group">
<div class="col-md-12">
#Html.TextBoxFor(model => model.Phone, new { #class = "form-control", placeholder = "Phone" })
#Html.ValidationMessageFor(model => model.Phone)
</div>
</div>
<div class="form-group">
<div class="col-md-12">
#Html.TextBoxFor(model => model.Email, new { #class = "form-control", placeholder = "E-Mail Address" })
#Html.ValidationMessageFor(model => model.Email)
</div>
</div>
<div class="form-group">
<div class="col-md-12">
#Html.TextAreaFor(model => model.Comments, new { #class = "form-control", height = "40", placeholder = "Comments" })
#Html.ValidationMessageFor(model => model.Comments)
</div>
</div>
<div class="form-group">
#if (!string.IsNullOrEmpty(ViewBag.CaptchaError))
{
<span class="field-validation-error">#ViewBag.CaptchaError</span>
}
#Html.Recaptcha(theme: Recaptcha.Web.RecaptchaTheme.Clean)
</div>
<div class="form-group">
<div class="col-md-12">
<input type="submit" id="submit" value="Submit" class="btn btn-default btn-lg btn-primary col-sm-12" />
</div>
</div>
</div>
}
}
</div>
</center>
</div>
</div>
I have searched everywhere and was unable to find a solution.
Don't have enough rep to comment - hence the answer. I reckon the easiest way to do this would be to use ajax. User jquery validation plugin to validate user input on submit click. This way, the validation messages can be displayed on the modal itself and the page doesn't have to be refreshed.
On successful validation, the form can be posted to your controller action. You can send a success message as part of your response and display it as a popup or a notification using notifyjs or your own code.
I am fairly new to MVC and a little stumped on this one.
I implemented ReCaptcha last night in my Umbraco MVC 4 application (6.1.6).
ReCaptcha works, the controller gets the correct captcha valid state and all is good. The problem is when the captcha is incorrect, I set the ModelState.AddModelError(string, string) and return the model in order to show that the captcha entered as incorrect, but the view never triggers the Html.ValidateMessage("captcha-error") to show the actual error message updated in the ModelState.
Any help or advice would be appreciated
Controller:
[HttpPost]
[RecaptchaControlMvc.CaptchaValidator]
public ActionResult SubmitContactFormAction(Models.ContactFormModel model, bool captchaValid, string captchaErrorMessage)
{
if (!captchaValid)
{
ModelState.AddModelError("captcha-error", captchaErrorMessage);
return View(model);
}
else
{
// Test ModelState and do stuff
}
}
View:
#model WebStaging.Models.ContactFormModel
#using Recaptcha
#using (Ajax.BeginForm("SubmitContactFormAction", "ContactForm", null, new AjaxOptions { HttpMethod = "POST" }, new { #id = "frmContactForm" }))
{
#Html.ValidationSummary(true)
<div>
Fields marked with * are required<br/><br />
<div class="clear pad-5">
<div class="label-column">
#Html.LabelFor(model => model.Name) *
</div>
<div class="input-column">
#Html.TextBoxFor(model => model.Name, new { #class = "input-242" })<br />
#Html.ValidationMessageFor(model => model.Name)
</div>
</div>
<div class="clear pad-5">
<div class="label-column">
#Html.LabelFor(model => model.Email) *
</div>
<div class="input-column">
#Html.TextBoxFor(model => model.Email, new { #class = "input-242" })
</div>
</div>
<div class="clear pad-5">
<div class="label-column">
#Html.LabelFor(model => model.Phone)
</div>
<div class="input-column">
#Html.TextBoxFor(model => model.Phone, new { #class = "input-242" })
</div>
</div>
<div class="clear pad-5">
<div class="label-column">
#Html.LabelFor(model => model.Subject) *
</div>
<div class="input-column">
#Html.TextBoxFor(model => model.Subject, new { #class = "input-242" })
</div>
</div>
<div class="clear pad-5">
<div class="label-column">
#Html.LabelFor(model => model.Message) *
</div>
<div class="input-column">
#Html.TextAreaFor(model => model.Message, new { #class = "input-textarea" })
</div>
</div>
<br />
<div id="captcha-panel" class="clear" style="text-align: right; float: right; padding-top: 5px;">
#Html.Raw(Html.GenerateCaptcha("captcha", "white"))
</div>
<p>
<div id="captcha-result" class="clear">
#Html.ValidationMessage("captcha-error")
</div>
<div class="clear pad-5" style="float: right; text-align: center;">
<button type="submit">Send</button><br />
<div id="submit-status" style="color: Green;"></div>
</div>
</div>
I think problem is caused because ReCaptcha is not a simple web control. I think you can easy walk around problem changing your "captcha-result" div with new class or style attribute.
<div id="captcha-result" class="someClassWithRedBigFont" >
#Html.ValidationMessage("captcha-error")
</div>
If you using jQuery you can check jQuery Validate plugin.