Skip to content

DevExpress-Examples/asp-net-mvc-grid-antiforgerytoken-with-crud-operations

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Grid for ASP.NET MVC - How to use AntiForgeryToken with CRUD operations

The Html.AntiForgeryToken method generates a hidden form field (anti-forgery token) that can be validated when the form is submitted. Call this method inside a DevExpress callback-aware extension to automatically send the token value with an extension callback.

Implementation Details

In this example, the Html.AntiForgeryToken method is called in a SetHeaderCaptionTemplateContent method handler.

@Html.DevExpress().GridView(settings => {
    // ...
    settings.CommandColumn.SetHeaderCaptionTemplateContent(c => {  
        ViewContext.Writer.Write(Html.AntiForgeryToken().ToHtmlString());  
        ViewContext.Writer.Write("#");  
    });  

During CRUD operations, the grid sends the token with a callback. To check the value on the server, decorate the action method with the ValidateAntiForgeryToken attribute.

[ValidateAntiForgeryToken]  
public ActionResult GridViewAddNewPartial(Product product) {
    // ...
}  
[ValidateAntiForgeryToken]  
public ActionResult GridViewUpdatePartial(Product product) {
    // ...
}  
[ValidateAntiForgeryToken]  
public ActionResult GridViewDeletePartial(int productID) {
    // ...
}  

Files to Review

More Examples

About

Use AntiForgeryToken to approve grid CRUD operations on the server.

Topics

Resources

License

Stars

Watchers

Forks

Contributors 4

  •  
  •  
  •  
  •  

Languages