RequestValidation token with Kendo grid

2 posts, 0 answers
  1. Madzie
    Madzie avatar
    65 posts
    Member since:
    Apr 2012

    Posted 30 Oct 2013 Link to this post

    Is there a way to have the validation token with kendo grid ?
  2. nikobellic
    nikobellic avatar
    46 posts
    Member since:
    Feb 2013

    Posted 31 Oct 2013 Link to this post

    Hi Madzie,

    Assuming you are using asp.net mvc controllers to perform your AJAX create/update actions and MVC Views to render your grid you can use the following approach.

    • Add your AntiForgeryToken to the view using the default MVC way
    @Html.AntiForgeryToken()
    • Append the token to the headers of the Kendo Datasource create/update transport methods.
    ,
                        create: {
                            url: baseUrl + "Create",
                            headers: { __RequestVerificationToken: $("input[name='__RequestVerificationToken']").val() },
                            contentType: "application/json",
                            dataType: "json",
                            type: "POST",
                        },

    • Check that the server received a valid AntiForgeryToken using an ActionFilter that looks for the token inside an HTTP Header. React to this depending on validity/presence of Token.
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class,
                    AllowMultiple = false, Inherited = true)]
    public sealed class ValidateJsonAntiForgeryTokenAttribute
                                : FilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }
      
            var httpContext = filterContext.HttpContext;
            var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];
            AntiForgery.Validate(cookie != null ? cookie.Value : null,
                                 httpContext.Request.Headers["__RequestVerificationToken"]);
        }
    }

    You can read more this approach here.

    Hope it helps.


  3. Kendo UI is VS 2017 Ready
Back to Top