Actually I have a asp.net mvc web application Now I have a button which if a user has sufficient rights then its visibility is set as true or false (using jquery)
Now, recently working through firebug in the browser i changed its visibility to true.
It performed the action(which is wrong).
How to prevent this?
Thanks.
You need to perform the authorization on the controller method or parent class that clicking your button invokes.
You can use the AuthorizeAttribute class to decorate your class.
There's more information here on MSDN regarding the Authorize Attribute.
You'll see examples on that page such as:
[Authorize(Roles = "Admin, Super User")]
public ActionResult AdministratorsOnly()
{
return View();
}
The underlining issue is validation should not be done client side. The clients browser can activate / deactivate anything and change any value.
If the user doe not have sufficient permissions do not render the button at all or (if design requires it) render a disabled button with no link so that the user could activate via dom manipulation but not click.
<% if (((int) ViewData["permission"]) >= 3) { // one of many ways to do this, perhaps not the best but quick. %>
<input type="button" />
<% } %>
Related
In my Checkout.SelectAddress.cshtml page I have the following form:
#using (Html.BeginFormAntiForgeryPost(Url.Action("SelectAddress", "Checkout", new { area = "Store" })))
{
//extra code collecting information
<li class="align right"><button type="submit">#T("Next")</button></li>
}
I am using orchard cms 1.6 but I am having a problem with a navigation issue.
When the user clicks the above button they are directed to the URL:
http://localhost:30320/OrchardLocal/UMACS.Store/Checkout/Summary
I want to navigate to : http://localhost:30320/OrchardLocal/
i've tried replaing 'checkout' from the original form but having no joy. Anyone have any idea?
That form posts to a specific action in some module apparently named "Store". That action seems to then redirect to Summary. The only way you can make it redirect to something else is by changing its code.
I am newbie with asp.net MVC and i want something simple. I have an Index.aspx page and a UrlContent.cs class.
I am searching how to write the code of the button_click listener of the page in the class. So far havent found anything on google.
Thats all, thank you
MVC is a different paradigm, and doesn't really have the concept of "event listeners".
That concept was always an abstraction from how web clients/servers really communicated. To a web server, there's really only one event, and that is an HTTP request from the client. To achieve the illusion of "events", ASP.Net does some (Javascript+cookies) magic behind the scenes, and creates hidden form input tags -- containing info about which button was clicked -- within a standard HTML form, and posting the form back to the server.
MVC adheres much more closely to the native behavior of HTML/HTTP. It requires you to get accustomed to working with those technologies -- forms, GET/POST requests, and AJAX.
To handle a (submit form) button click event, you create an action in your controller that accepts parameters.
Controller
[HttpPost]
public ActionResult Index(MyModel model)
{
// handle the submit button's "click event" here
}
View
#model MyModel
#using (#Html.BeginForm("Index", "Home")) {
#Html.EditorForModel
<input type='submit' value='submit' />
})
If you're running MVC, I think you're looking for something like this
#Html.ActionLink("Link Text", "Action method Name", "Controller name",new {} , new {})
Here's some documentation on more overloads.
Hi
i want to do a work in asp.net using mvc and ajax
i have a button
when i click that button,its text should be changed.e.g before click(Click me) after click(u clicked me)
but i want to do this work in MVC2
i have studied but couldn't understood mvc
kinfly do this example so that i can understand it easily
Best Regards:
Shaahan
are u just trying to change the text label on click?
there's a few ways to do this, but you can probably just use an onclick event and change the label straight when the user click on the button.
for example like so.
but if you want to do it MVC just for the heck of it, then you can create a view, click on the button and do a form post to the same page, and on the controller use ViewData["ButtonLabel"] and update the button label when the page goes back :P
You can do what you want simply with javascript. If you want to learn mvc here a simple [music store][1] tutorial that I has helped me a lot! [1]: http://www.asp.net/mvc/tutorials/mvc-music-store-part-1
MVC stands for Model, View, Controller.
The way this works is you have a controller, say HomeController which is a class derived from Controller. When you access /Home/ on the site through your browser it serves the browser a view and any additional information, often cookies and such. The model is the data and logic of the program, often handling things like databases.
There are multiple ways to go about this example.
//In HomeController class
public ActionResult Index()
{
return View();
}
public ActionResult Clicked()
{
return View()
}
And then for the Views for the index view you'd have a button which would link to /Home/Clicked. Then on the clicked view you'd have the button with changed text.
Of course this is only one way to do it you could just append a number do the /Home/ url and pass that to the view and if it's not 0 have the test be different or use javascript to change the button's text
Index view:
<form>
<input type="button" value="NClicked" onclick="window.location.href='/Home/Clicked'">
</form>
Clicked view:
<form>
<input type="button" value="Clicked" onclick="window.location.href='/Home/'">
</form>
Of course there's more to the views than that, but you can insert that into your body.
I have an asp registration page using a custom asp:CreateUserWizard.
Once the registration is completed successfully (RegisterUser_CreatedUser for example) I want to redirect the user to another page, be it a welcome screen, etc... (using Response.Redirect(URL); I guess), but I also want to, some how, popup a new window with the login page.
Is it possible to popup a screen from an external url using this method, or is there another way I should go about it?
I did try creating a custom button which calls this js function for registration:
function redirectAfterRegister() {
Page_ClientValidate();
if (Page_IsValid) {
window.open('/Account/Login.aspx?UserCreated=True');
$('#CreateUserButton').click();
}
return false;
}
This popup works because its called off a click, but the problem with this is the popup is always called even if the creation of the user was unsuccessful - which is wrong.
Any help is highly appreciated.
The problem is that popups only work when a user actually clicks in external sites. This prevents spammers from popping up ads all the time. Once another function is called after the click it is considered unfriendly and therefore to allowed externally.
I think it best to let the user know the registration was successful and give them navigation options from there. If anything, at least its user friendly that way, without confusion.
The asp:CompleteWizardStep can be used to redirect after successful registration, and provide extra navigation where needed.
Good Luck, and let me know if you find an alternate solution.
Why not use the CreateUserWizard.ContinueDestinationPageUrl property to go to your welcome page. You can then place your javascript to open a new window in the onload event of the Body element.
In my master page, I have a language dropdown menu. When the user selects a language from the dropdown, a submit sends the currently selected language to the "Translate" method in my controller. After which it should redirect to the url it was before the translation submit so it can show the exact same page, but now in the newly selected language.
How would I best go about this? Should I send the current url somehow in a hidden field? Or can I maybe send the current routevaluedictionary, so my translate method can redirectToRoute directly?
Or maybe there is an entirely better way?
--EDIT--
Because I want my bookmarks to include the site language too, all my exposed actions have a siteLanguage parameter too. If I could somehow efficiently show the user a bunch of regular (GET) links where the siteLanguage parameter is filled in with the relevant value, that would be even better. But as far as I know, there is no way to put links in a dropdown except with java maybe.
I have a similar situation, and I solved it slightly differently.
Because my master page had functionality in it, I created a new base controller class (that inherits from Controller) and all my real controllers inherit from my custom class.
Then, I implement OnActionExecuting in the base class to do some common work.
Then, in your masterpage, if you have a form like this, it will submit to the current URL with a GET request and add the language as a querystring parameter:
<form id="language" method="get" >
<select name="language">
<option value="en">English</option>
<option value="es">Spanish</option>
...
</select>
</form>
Use jQuery to wire it up to autosubmit, etc.
You could look for a language parameter in the querystring in your base controller class and set the flag that tells the real controller method which language to use. In the model, you directly go to the real controller to regenerate the page and avoid a redirect.
Note, this only works universally, if you are not already using querystring parameters.
If this doesn't work for you, you could also use your current method, but include the URL to be redirected to in a hidden field like this:
<%= Html.Hidden("redirect", Request.Url %>
public ActionResult Translate(string _lang){
switch(_lang){
case "English":
return View("English");
case: "French":
return View("French");
default:
return View("English");
}
I would personally do it like this
I would put the return url in the querystring, just like forms authentication does when it redirects to the login page.
Include the returnUrl in the routeValues when you do your Translate request.