1 Answer, 1 is accepted
0
Ignacio
Top achievements
Rank 1
Rank 1
answered on 31 Oct 2013, 08:02 PM
Hi Madzie,
Assuming you are using asp.net mvc controllers to perform your AJAX create/update actions and MVC Views to render your grid you can use the following approach.
Assuming you are using asp.net mvc controllers to perform your AJAX create/update actions and MVC Views to render your grid you can use the following approach.
- Add your AntiForgeryToken to the view using the default MVC way
@Html.AntiForgeryToken()
- Append the token to the headers of the Kendo Datasource create/update transport methods.
, create: { url: baseUrl + "Create", headers: { __RequestVerificationToken: $("input[name='__RequestVerificationToken']").val() }, contentType: "application/json", dataType: "json", type: "POST", },- Check that the server received a valid AntiForgeryToken using an ActionFilter that looks for the token inside an HTTP Header. React to this depending on validity/presence of Token.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]public sealed class ValidateJsonAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter{ public void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } var httpContext = filterContext.HttpContext; var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName]; AntiForgery.Validate(cookie != null ? cookie.Value : null, httpContext.Request.Headers["__RequestVerificationToken"]); }}You can read more this approach here.
Hope it helps.
Hope it helps.