This is a migrated thread and some comments may be shown as answers.
Using MVC AntiForgeryToken with Delete Command
6 Answers 120 Views
This is a migrated thread and some comments may be shown as answers.
This question is locked. New answers and comments are not allowed.
Michael Kinloch
Top achievements
Rank 1
Michael Kinloch asked on 03 Jun 2010, 11:03 AM
Hi,

Can anyone advise on how to make use of MVC AntiForgeryToken when using the Telerik Grids delete command?

We have managed to implement this using the edit command by pinning an extra column to the grid which contains an anti forgery token for each row.  This works fine because the whole row is sent back when the update button is clicked (using inline edit mode) and anti forgery token is picked up.

The problem with the delete command is that only the Id of the current row is sent back and so the anti forgery token is lost.

We tried simply adding one anti forgery token to a form on the page but this did not work.  This was due to the telerik grid creating a form for each row in the grid (this is why we put an extra AntiForgeryColumn).

Any help with this would be appreciated.

6 Answers, 1 is accepted

Sort by
0
Atanas Korchev
Telerik team
answered on 03 Jun 2010, 11:33 AM
Hi Michael Kinloch,

The only way to do this for the delete command is to modify the source code of the grid. Check the GridDeleteActionCommand.cs file and the BoundModeHtml<T> method.

Regards,
Atanas Korchev
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
0
Adam Salvo
Top achievements
Rank 1
answered on 06 Jul 2010, 05:20 PM
Any plans to implement support for this in a future release?
0
Adam Salvo
Top achievements
Rank 1
answered on 06 Jul 2010, 07:06 PM

Using some stuff I figured out while trying to get this working with jQueryGrid, and some other posts on here, I was able to get delete functionality working with the Telerik Grid and the Anti Forgery Token (ValidateAntiForgeryToken) while not make any code changes.

First you need to emit the token as usual in your view, <%=Html.AntiForgeryToken() %> and add the ValidateAntiForgeryToken to your Delete action in your controller method. You action should also have the HttpPost and the GridAction attributes (mine has a custom transaction attribute for dataaccess, and another custom attribute for security).

Next you will need to include the following java script somewhere in your page. I created a SiteMaster.js file which I then register using the Telerik script manager.

(function ($) {
  $.getAntiForgeryToken = function () {

    var tokenName = "__RequestVerificationToken";

    // Finds the <input type="hidden" name={tokenName} value="..." /> from the specified.
    var inputElements = document.getElementsByTagName("input");
    for (var i = 0; i < inputElements.length; i++) {
      var inputElement = inputElements[i];
      if (inputElement.type === "hidden" && inputElement.name === tokenName) {
        return {
          name: tokenName,
          value: inputElement.value
        };
      }
    }
  };

  $.deleteFromGrid = function (gridId, deleteUrl, deleteMessage) {

    var shouldDelete = confirm(deleteMessage);

    if (shouldDelete == false)
      return false;

    $.post(deleteUrl,
        { __RequestVerificationToken: $.getAntiForgeryToken().value },
        function (data) {
          $(gridId).data('tGrid').ajaxRequest();
        });

  };

})(jQuery);

To invoke the javascript, I bind to a property in my view model that emits the following.

<a title="Delete User" class="notext cross" onclick="$.deleteFromGrid('#Users', 'Controller/Delete/411', 'Are you sure you want to delete user hcw11?'); return false;" href="https://server/virutalDirectory/Controller#">

This creates a link with a css class that presents a red X. Clicking on the X invokes the javascript onClick event, which does a jQuery post to my Delete action with the propery request validation token, and then refreshes the grid maintaining the correct sorting and current page. I have not tested it with grouping or filtering, since i'm using Linq to NHibernate and I understand there are some issues with that scenario, but the nice ajax delete with the anti forgery was more important right now.

0
Eric Caslake
Top achievements
Rank 1
answered on 17 Jun 2011, 06:36 PM
"The only way to do this for the delete command is to modify the source code of the grid. Check the GridDeleteActionCommand.cs file and the BoundModeHtml<T> method."

Any chance you can show us an example of how to do this? I looked at the file but not sure what to do with it or how to effect the change and use it in our project. We need it for both Select and Delete which are Ajax calls.

Thanks.
0
Atanas Korchev
Telerik team
answered on 20 Jun 2011, 08:02 AM
Hello,

 This forum thread is related to the subject.

Best wishes,
Atanas Korchev
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
0
John DeVight
Top achievements
Rank 1
answered on 29 Dec 2011, 09:01 PM
Take a look at the following article: Implementing the Anti-Forgery Token with the Telerik MVC Grid

Regards,

John DeVight
Tags
Grid
Asked by
Michael Kinloch
Top achievements
Rank 1
Answers by
Atanas Korchev
Telerik team
Adam Salvo
Top achievements
Rank 1
Eric Caslake
Top achievements
Rank 1
John DeVight
Top achievements
Rank 1
Share this question
or