The Html.AntiForgeryToken method generates a hidden form field (anti-forgery token) that can be validated when the form is submitted. Call this method inside a DevExpress callback-aware extension to automatically send the token value with an extension callback.
Implementation Details
In this example, the Html.AntiForgeryToken method is called inside the handler passed to SetHeaderCaptionTemplateContent, so the hidden token field is rendered as part of the grid's command column header.
Code@Html.DevExpress().GridView(settings => {
// ...
// The header caption template of the command column is used as the place to render
// the hidden anti-forgery field: it becomes part of the grid markup and is therefore
// posted back with every callback the grid issues.
settings.CommandColumn.SetHeaderCaptionTemplateContent(c => {
// Hidden <input> carrying the anti-forgery token.
ViewContext.Writer.Write(Html.AntiForgeryToken().ToHtmlString());
// Visible header caption that follows the hidden field.
ViewContext.Writer.Write("#");
});
During CRUD operations, the grid sends the token with each callback. To check the value on the server, decorate every action method that handles such a callback with the ValidateAntiForgeryToken attribute.
Code[ValidateAntiForgeryToken]
// Add-new callback target: the attribute validates the anti-forgery token sent with the
// callback before the action body runs.
public ActionResult GridViewAddNewPartial(Product product) {
// ...
}
[ValidateAntiForgeryToken]
// Update callback target: token validation is enforced by the attribute.
public ActionResult GridViewUpdatePartial(Product product) {
// ...
}
[ValidateAntiForgeryToken]
// Delete callback target: token validation is enforced by the attribute; productID is the
// grid's key field value (see KeyFieldName in the view).
public ActionResult GridViewDeletePartial(int productID) {
// ...
}
Example Code
C#using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace T292767.Controllers
{
public class HomeController : Controller
{
    // ViewData key under which the edit-form error text is handed to the partial view.
    private const string EditErrorKey = "EditError";

    // GET: Home
    public ActionResult Index() {
        return View();
    }

    // Read-only callback target: re-renders the grid from the current product list.
    // The view name is taken from the action name here, unlike the edit actions below.
    public ActionResult GridViewPartial() {
        return PartialView(NorthwindDataProvider.GetProducts());
    }

    // Add-new callback target. The hidden token rendered in the grid's command column
    // header travels with the callback and is checked by the attribute.
    [ValidateAntiForgeryToken]
    public ActionResult GridViewAddNewPartial(Product product) {
        ApplyIfModelValid(() => NorthwindDataProvider.InsertProduct(product));
        return RenderGrid();
    }

    // Update callback target; same validation and error-reporting flow as add-new.
    [ValidateAntiForgeryToken]
    public ActionResult GridViewUpdatePartial(Product product) {
        ApplyIfModelValid(() => NorthwindDataProvider.UpdateProduct(product));
        return RenderGrid();
    }

    // Delete callback target. There is no model to validate, so the operation runs directly.
    [ValidateAntiForgeryToken]
    public ActionResult GridViewDeletePartial(int productID) {
        ApplyOperation(() => NorthwindDataProvider.DeleteProduct(productID));
        return RenderGrid();
    }

    // Runs the data operation only when model binding produced a valid model;
    // otherwise reports a generic validation message through ViewData.
    private void ApplyIfModelValid(Action operation) {
        if (!ModelState.IsValid) {
            ViewData[EditErrorKey] = "Please, correct all errors.";
            return;
        }
        ApplyOperation(operation);
    }

    // Runs the data operation and turns any failure into an error message for the view.
    private void ApplyOperation(Action operation) {
        try {
            operation();
        }
        catch (Exception e) {
            // NOTE(review): the raw exception text is rendered to the client. Outside a
            // sample, log the exception server-side and show a generic message instead,
            // since provider/database error text can disclose internal details.
            ViewData[EditErrorKey] = e.Message;
        }
    }

    // Renders the grid partial with a freshly loaded product list.
    private ActionResult RenderGrid() {
        return PartialView("GridViewPartial", NorthwindDataProvider.GetProducts());
    }
}
}
Razor@model System.Collections.IEnumerable
@Html.DevExpress().GridView(settings => {
settings.Name = "GridView";
// Key field whose value is passed as productID to the delete action.
settings.KeyFieldName = "ProductID";
// Routes for the read-only callback and the three CRUD callbacks; all point at HomeController.
settings.CallbackRouteValues = new { Controller = "Home", Action = "GridViewPartial" };
settings.SettingsEditing.AddNewRowRouteValues = new { Controller = "Home", Action = "GridViewAddNewPartial" };
settings.SettingsEditing.UpdateRowRouteValues = new { Controller = "Home", Action = "GridViewUpdatePartial" };
settings.SettingsEditing.DeleteRowRouteValues = new { Controller = "Home", Action = "GridViewDeletePartial" };
settings.CommandColumn.Visible = true;
settings.CommandColumn.ShowEditButton = true;
settings.CommandColumn.ShowNewButton = true;
settings.CommandColumn.ShowDeleteButton = true;
// The command column header caption is used to host the hidden anti-forgery field, so the
// token is part of the grid markup and is posted with every callback; the CRUD actions
// are decorated with [ValidateAntiForgeryToken] to check it.
settings.CommandColumn.SetHeaderCaptionTemplateContent(c => {
// Hidden <input> carrying the anti-forgery token.
ViewContext.Writer.Write(Html.AntiForgeryToken().ToHtmlString());
// Visible header caption that follows the hidden field.
ViewContext.Writer.Write("#");
});
settings.Columns.Add("ProductID");
settings.Columns.Add("ProductName");
settings.Columns.Add("UnitPrice");
settings.Columns.Add("UnitsOnOrder");
}).Bind(Model).GetHtml()