I'm trying to make an async HttpPost requests with Ajax & MVC.
I know that SessionId is the problem: multiple requests from the same client with the same SessionId will add the second request to the queue.
after I google it I saw some answers for this it fails to me.
I tried to clear session data.
I tried to add an mvc attribute to change session mode to readOnly:
[SessionState(System.Web.SessionState.SessionStateBehavior.ReadOnly)]
public class TestController : SurfaceController
{
[HttpPost]
public ActionResult Test1()
{
Thread.Sleep(5000);
return Json("1");
}
[HttpPost]
public ActionResult Test2()
{
Thread.Sleep(5000);
return Json("2");
}
}
Related
SO. I have an Action method in a controller as here below:
[Authorize]
public ActionResult ToDo()
{
//Do some stuff
return View();
}
I would like to allow facebook crawler access the content of the razor view for ToDo action method. How is that possible? Your thoughts.
create two action with same name but overload that for example
[Authorize]
[Route("Home/Index/{status:boolean}")]
Public ActionResult Index(bool status)
{
}
[Route("Home/Index/{id:int}")]
Public ActionResult Index(int id)
{
}
and you can create customeActionInvoker
I have been trying to understand an online tutorial and I am stumped.
Can someone please tell me where the text "Hello" is sent to? Is the message sent directly to the browser without being placed on a page?
public class GoHomeController : Controller
{
public string Index()
{
return "Hello";
}
}
How's this? Your controller action needs to have a return type of ActionResult, there are many subclasses of this class that allow for various types of responses however you can always influence with brute force if you like. For example"
public ActionResult Index()
{
Response.Write("hello world");
return null;
}
The above code writes to the Response stream directly, in my example I return a null. This indicates no ActionResult is needed to be performed by the MVC system, typically this is where the View is specified, the View will be read, parsed and written to the Response stream as well.
But typical controller actions do have return values, for example here is how I could return JSON, remember the View is just an abstraction to allow you to control what is written to the Response stream.
public ActionResult Index()
{
return Json( new { Message="Hello world"});
}
And then there is the typical ActionResult that directs the output to a .cshtml file:
public ActionResult Index()
{
return View();
}
This will write to the Response stream using the Index.cshtml file tied to this controller namespace or I could specify the name of the .cshtml:
public ActionResult Index()
{
return View("HelloWorld"); //<-- looks for HelloWorld.cshtml
}
Implementing a basic authorization and authentication layer is quite easy with ASP.NET MVC 4; it's all automatically generated with the 'ASP.NET MVC 4 Web Application'-project template.
However, I'm tasked with implementing some controller actions that require re-authentication and I'm aiming for a maintainable solution. Simply put in a user story, I'm trying to implement the following:
User logs on;
User navigates to a controller (attributed with [Authorize]) action which renders a form view;
User performs a POST by submitting the form;
An authentication form appears in which the user needs to re-authenticate using his/her username and password;
If authentication is succesfull, proceed with handling the POST-request.
Note that 'reauthentication' does not have to alter the state of the current user session.
Obviously, there are many ways to implementing this, but I feel like an implementation which looks similiar to the following (pseudo) sample would suit my needs.
[Authorize]
[InitializeSimpleMembership]
public class SpecialActionController : Controller
{
public ActionResult SpecialForm() { return View(); }
public ActionResult Succes() { return View(); }
[HttpPost]
[ReAuthenticate] /* <- Prompts user with reauthentication form before proceeding. */
public ActionResult SpecialForm(SpecialFormModel model)
{
if (ModelState.IsValid)
RedirectToAction("Succes");
else
return View(model);
}
}
Any suggestions?
Edit: I forgot to mention that any OAuth-related features are out of scope. External authentication is not an issue here and does not require support. In fact, with the current project I'm working on, all OAuth-related features are either removed or deactivated.
You should be able to do this using a combination of a custom AuthorizeAttribute and the Session. Override the AuthorizeCore method and let all the default authentication take place but introduce your own extra check (for re-authentication) e.g.
public class RecurringAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var reauth = (bool?)httpContext.Session["ReAuthenticated"];
var result = base.AuthorizeCore(httpContext) && (reauth ?? false);
httpContext.Session["ReAuthenticated"] = !result;
return result;
}
}
This should re-direct the user to the login page everytime they hit the action and they haven't re-authenticated. If the user has re-authenticated, we clear the session variable to force a login on the next request.
For this to work correctly, we need a hook to set the ReAuthentication session variable - I think the LogOn method in the AccountController would be the ideal place for this
public class AccountController : Controller
{
...
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
{
Session["ReAuthenticated"] = User.Identity.IsAuthenticated;
return RedirectToLocal(returnUrl);
}
...
}
}
Then all that's left to do is decorate our controller actions
[Authorize]
public ActionResult SomePrivateAction()
{
...
}
[RecurringAuthorize]
public ActionResult SomeSuperSecretAction()
{
...
}
You should find authorization will work as normal for any actions using the default AuthorizeAttribute and any actions decorated with the RecurringAuthorizeAttribute will be forced to login everytime they request the page, which includes page refreshes.
I tried to implement the hypothetical [ReAuthenticate]-attribute, but found myself relying on reflection too much. After putting some thought into a more manageable solution, I finally came up with the following:
ReAuth class
public sealed class ReAuth
{
#region Constructor
private ReAuth(Func<System.Web.Mvc.ActionResult> onSuccessAction)
{
this.onSuccessAction = onSuccessAction;
}
#endregion
#region Public static members
public static ReAuth CreateFor(HttpSessionStateBase httpSession, Func<System.Web.Mvc.ActionResult> onSuccessAction)
{
httpSession[sessionKey] = new ReAuth(onSuccessAction);
return GetFor(httpSession);
}
public static ReAuth GetFor(HttpSessionStateBase httpSession)
{
return httpSession[sessionKey] as ReAuth;
}
public static bool ExistsFor(HttpSessionStateBase httpSession)
{
return httpSession[sessionKey] as ReAuth != null;
}
#endregion
#region Public instance members
public bool ReAuthenticated { get; set; }
public System.Web.Mvc.ActionResult Handle()
{
if (ReAuthenticated)
return onSuccessAction();
else
return new System.Web.Mvc.RedirectToRouteResult(
new System.Web.Routing.RouteValueDictionary
{
{ "Controller", "#" }, /* Replace '#' with the name of the controller that implements the re-authentication form... */
{ "Action", "#" } /* Replace '#' with the name of the action on the aforementioned controller. */
});
}
#endregion
#region Private members
private const string sessionKey = "reAuthenticationSessionKey";
private readonly Func<System.Web.Mvc.ActionResult> onSuccessAction;
#endregion
}
Implementation
Suppose we have a hypothetical controller where the solution is applied:
public class AccountInfoController : System.Web.Mvc.Controller
{
/* snip... */
[HttpPost]
public ActionResult EditAccountInfo(AccountInfo model)
{
if (ModelState.IsValid)
return ReAuth.CreateFor(Session, () => { return Success(); }).Handle();
else
return View(model);
}
}
...and, we need a controller (essentially, a 'dumb' copy of the real AccountController that does not tamper with the Forms Authentication User Session state) in which the re-authentication takes place.:
public class ReAuthController : System.Web.Mvc.Controller
{
/* Snip... */
[HttpPost]
public ActionResult LogOn(LogOnModel model)
{
if (ModelState.IsValid)
{
ReAuth.GetFor(Session).ReAuthenticated = Membership.ValidateUser(model.User, model.Password);
return ReAuth.Handle();
}
return View(model);
}
}
As far as I know, this is a manageable solution. It does rely a lot on storing objects into session state. (Especially the object state of the controller which implements the ReAuth-class) If anyone has additional suggestions, please let me know!
I'm faced with the following problem :
I have a controller with lets say the following actions:
[HttpGet]
public ActionResult Index()
{
var viewModel = new IndexViewModel();
return View("Index", viewModel);
}
[HttpPost]
public void ExportToExcell(LeadsViewModel model)
{
// Export to excell code goes here
}
The problem is the following:
The User enters on Index page with this URL : /Controller/Index
Then the user submits the form to Action ExportToExcel
Data is exported to Excel( file downloaded ) and it's okay.
The URL becomes /Controller/ExportToExcell
Then when I am clicking "Enter" I am going To /Controller/ExportToExcell but with GET
and of course falling with Page Not Found, the question is how properly to Deal with this in MVC
Don't use void as returned type of your post action, use an ActionResult
[HttpPost]
public ActionResult ExportToExcell(LeadsViewModel model)
{
// Export to excell code goes here
return RedirectToAction("Index");
}
I believe that your problem is that you aren't returning a FileResult, and the browser will redirect you to your post path. Can't test it right now, but I believe the following should work.
[HttpPost]
public ActionResult ExportToExcell(LeadsViewModel model)
{
// Generate the Excel file into a MemoryStream for example
// Return a FileResult with the Excel mime type
return File(fileStream, "application/vnd.ms-excel", "MyExcelFile.xls");
}
Check FileResult and Controller.File for more details.
As a note, I'm not completely sure if that's the mime type for an Excel file, but if you say you are already downloading the file, your probably already have it :)
You must return ActionResult instead of void.
public ActionResult ExportToExcel(PagingParams args)
{
var data = new StudentDataContext().Student.Take(200).ToList();
return data.GridExportToExcel<Student>("GridExcel.xlsx", ExcelVersion.Excel2007, args.ExportOption);
}
Please check the link: Export Action
mvc - First "get" result for request.params get exception, second "get" is ok.
i have a page that has a field with xml text in it.
i am using validation=false.
but, on post method in the controller i am trying to get the requset.params and i get an error of
"A potentially dangerous Request.Form value was detected from the client". after some digging and debugging i see that first time i am trying to get the request.params i get an exception, BUT when i try to get it for the second time everything is ok.
this is the filter i am using to avoid problems with the xml (i am converting it to binary data and empty the xml string field):
public class RestAPIAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
((SimulationModel)filterContext.ActionParameters["model"]).Data = CommonConverters.StringToByteArray(((SimulationModel)filterContext.ActionParameters["model"]).StringData);
((SimulationModel)filterContext.ActionParameters["model"]).StringData = string.Empty;
base.OnActionExecuting(filterContext);
}
}
and this is the post method:
[HttpPost]
[ValidateInput(false)]
[RestAPIAttribute]
public ActionResult EditSimulation(Guid id, SimulationModel model)
{
try
{
model.RelationModel = new RelationModel(false, this.Resource("Simulations.AddToObjects"), "SimulationToObjects", id, sessionId, Request.Params, new List<ObjectTypes>() { ObjectTypes.Entity, ObjectTypes.EntityType, ObjectTypes.Universe });
}
catch (Exception ex)
{
Logger.LogException(ex);
}
/* more code here*/
return View(newModel);
}
now, as you can see one of the RelationModel's constuctor has a parameter of request.param which is giving me the problem.
my currenty workaround for this issue is just calling it twice (but i am looking for better solution or at least an explanation):
[HttpPost]
[ValidateInput(false)]
[RestAPIAttribute]
public ActionResult EditSimulation(Guid id, SimulationModel model)
{
try
{
try
{
model.RelationModel = new RelationModel(false, this.Resource("Simulations.AddToObjects"), "SimulationToObjects", id, sessionId, Request.Params, new List<ObjectTypes>() { ObjectTypes.Entity, ObjectTypes.EntityType, ObjectTypes.Universe });
}
catch
{
model.RelationModel = new RelationModel(false, this.Resource("Simulations.AddToObjects"), "SimulationToObjects", id, sessionId, Request.Params, new List<ObjectTypes>() { ObjectTypes.Entity, ObjectTypes.EntityType, ObjectTypes.Universe });
}
}
catch (Exception ex)
{
Logger.LogException(ex);
}
/* more code here*/
return View(newModel);
}
If this is ASP.NET MVC 3+ you could use the [AllowHtml] attribute on your model property that contains the XML. This will disable request validation only for this property and not the entire request:
public class SimulationModel
{
[AllowHtml]
public string StringData { get; set; }
}
and then:
[HttpPost]
public ActionResult EditSimulation(Guid id, SimulationModel model)
{
// you could directly use model.StringData here without any
// encoding needed
return View(newModel);
}
And if this is an ASP.NET MVC 2 application running in ASP.NET 4.0 in addition to decorating your controller action with the [ValidateInput(false)] attribute you might need to put the following in your web.config:
<httpRuntime requestValidationMode="2.0"/>
If it is an ASP.NET MVC 3 application you don't need to put this line in your web.config in order to use the [ValidateInput(false)] attribute.