Please help with such a question and do not judge strictly because I'm a newbie in MVC:
I've got a model for storing names of users by ID in my DB
public class Names
{
public int NameId { get; set; }
public string Username { get; set; }
}
,
a conrtoller
[HttpPost]
public ActionResult EditforModel(Names Name)
{
if (ModelState.IsValid)
{
db.Entry(Name).State = EntityState.Modified;
db.SaveChanges();
return RedirectToAction("Index");
}
return View(Name);
}
adding and editing view
adding is working well, the question is about editing
I use
#using (Html.BeginForm())
{
#Html.ValidationSummary(true)
<fieldset>
<legend> legend </legend>
#Html.EditorForModel()
<p>
<input type="submit" value="Save" />
</p>
</fieldset>
}
<div>
#Html.ActionLink("Back to List", "Index")
</div>
to edit my model.
when trying to go to this view I see an editor for both Id and Username, but if i fill Id - I've got error, because there is no Entry in DB with such Id.
Ok.Let's look for attributes to hide an editor.
[ScaffoldColumn(false)] is something like a marker whether to render an editor for Id or not.
applaying it to my model I've got "0" id posting from my View.Try another attr.
[ReadOnly(true)] makes a field a readonly-field. But at the same time I've got "0" in posting Id.
Modifying a view I placed an editors for each field in model
#Html.HiddenFor(model => model.NameId)
#Html.EditorFor(model => model.Username)
but using it is dangerous because some user can post wrong Id throgh post-request.
I can't use [ScaffoldColumn(false)] with applying Id at [Httppost] action of the controller,by searching appropriate user-entry in DB, because the name was changed..
I can't believe #Html.HiddenFor is the only way out.But can't find one :(
As you mentioned "[ScaffoldColumn(false)] is something like a marker whether to render an editor for Id or not", and [ReadOnly(true)] means that this property will be excluded by the default model binder when binding your model.
The problem is that the HTTP protocol is a stateless protocol, which means that when the user posts the edit form to the MVC Controller, this controller has no clue which object he was editing, unless you include some identifier to your object in the request received from the user, though including the real object Id isn't a good idea for the reason you mentioned (that someone could post another Id).
A possible solution might be sending a View Model with an encrypted Id to the View, and decrypting this Id in the controller.
A View Model for your object might look like this :
public class UserViewModel
{
[HiddenInput(DisplayValue = false)]
public string EncryptedId { get; set; }
public string Username { get; set; }
}
So your HttpGet action method will be
[HttpGet]
public ActionResult EditforModel()
{
// fetching the real object "user"
...
var userView = new UserViewModel
{
// passing the encrypted Id to the ViewModel object
EncryptedId = new SimpleAES().EncryptToString(user.NameId.ToString()),
Username = user.Username
};
// passing the ViewModel object to the View
return View(userView);
}
Don't forget to change the model for your View to be the ViewModel
#model UserViewModel
Now the HttpPost action method will be receiving a UserViewModel
[HttpPost]
public ActionResult EditforModel(UserViewModel Name)
{
if (ModelState.IsValid)
{
try
{
var strId = new SimpleAES().DecryptString(Name.EncryptedId);
var id = int.Parse(strId);
// select the real object using the decrypted Id
var user = ...Single(p => p.NameId == id);
// update the value from the ViewModel
user.Username = Name.Username;
db.Entry(user).State = EntityState.Modified;
}
catch (CryptographicException)
{
// handle the case where the encrypted key has been changed
return View("Error");
}
db.SaveChanges();
return RedirectToAction("Index");
}
return View(Name);
}
When the user tries to change the encrypted key, the decryption will fail throwing a CryptographicException where you can handle it in the catch block.
You can find the SimpleAES encryption class here (don't forget to fix the values of Key and Vector arrays):
Simple insecure two-way "obfuscation" for C#
PS:
This answer is based on the following answer by Henry Mori:
Asp.net MVC 3 Encrypt Hidden Values
Related
I am using EF4 (Db First) and I have an entity with a number of non-nullable properties.
In an Edit form (Razor/MVC3), I want to allow the editing of only one of the properties, but not the others.
To get this to work, I am having to put #Html.HiddenFor(...) statements for each of my other properties that can't be nullable, otherwise I get an error on SaveChanges().
Is there a simple way to just have the ID hidden on the view, the property that can be edited, and then update ONLY that property?
All you need to do in this case is to include the ID of the entity you are editing as a hidden field as well as a text field for the property that you actually wanna edit:
#using (Html.BeginForm())
{
#Html.HiddenFor(x => x.ID)
#Html.EditorFor(x => x.PropertyYouWannaEdit)
<button type="submit">Update</button>
}
and then in the corresponding controller action you could retrieve the entity that needs to be edited from your database, update the value of the property that needs editing and save back the changes.
[HttpPost]
public ActionResult Update(SomeEntity model)
{
SomeEntity entityToEdit = db.GetEntity(model.ID);
entityToEdit.PropertyYouWannaEdit = model.PropertyYouWannaEdit;
db.Update(entityToEdit);
return RedirectToAction("Success");
}
But personally I would use a view model and AutoMapper to handle this situation. So I would start by designing a view model representing the requirements of my view and including the properties that needs to be edited only:
public class MyEntityViewModel
{
public int ID { get; set; }
public string Property1ToBeEdited { get; set; }
public string Property2ToBeEdited { get; set; }
...
}
and then have the corresponding view:
#model MyEntityViewModel
#using (Html.BeginForm())
{
#Html.HiddenFor(x => x.ID)
#Html.EditorFor(x => x.Property1ToBeEdited)
#Html.EditorFor(x => x.Property2ToBeEdited)
...
<button type="submit">Update</button>
}
and finally the 2 controller actions (GET and POST):
public ActionResult Update(int id)
{
// Fetch the domain model that we want to be edited from db
SomeEntity domainModel = db.GetEntity(id);
// map the domain model to a view model
MyEntityViewModel viewModel = Mapper.Map<SomeEntity, MyEntityViewModel>(domainModel);
// pass the view model to the view
return View(viewModel);
}
[HttpPost]
public ActionResult Update(MyEntityViewModel model)
{
if (!ModelState.IsValid)
{
// validation failed => redisplay view so that the user can fix the errors
return View(model);
}
// fetch the domain entity that needs to be edited:
SomeEntity entityToEdit = db.GetEntity(model.ID);
// update only the properties that were part of the view model,
// leaving the others intact
Mapper.Map<MyEntityViewModel, SomeEntity>(model, entityToEdit);
// persist the domain model
db.Update(entityToEdit);
// we are done
return RedirectToAction("Success");
}
I have created a very simple view in my MVC3 project that contains a textbox that receives and validates a URL. The controller class is rather simple:
[HttpPost]
public ActionResult Save(ValidationModel model)
{
if (ModelState.IsValid)
{
//Save or whatever
}
return View(model);
}
I'm needing some guidance on how to retrieve the URL entered into the textbox, and subseuquently scan the resulting page for hyperlinks or tags. Once those tags are scanned, I need to return a new view to my user with a list or grid of the tags in alpha order.
Can anyone point me in the correct direction on above steps?
Thanks:)
In your view model you will have a property:
public class ValidationModel
{
[Required]
public string Url { get; set; }
}
and then you will have a corresponding textbox in the view:
#model ValidationModel
#using (Html.BeginForm)
{
#Html.EditorFor(x => x.Url)
<button type="submit">OK</submit>
}
and finally in your POST controller action:
[HttpPost]
public ActionResult Save(ValidationModel model)
{
if (ModelState.IsValid)
{
//Save or whatever
// use model.Url here => it will contain the user input
}
return View(model);
}
Try this:
in your view where your using your model inside your FORM:
#Html.TextBoxFor(m => m.MyHyperLink)
and in your controller you do this:
model.MyHyperLink you can manipulate the string or do what ever you want
easy as that..
hope i helped.
I am doing the ASP.net MVC 3 (Empty type and not the internet type) with the Database First approach...
What i need is
Step 1:
I just used the dropdown to display the various locations where the company is located. The list comes from the Organization table and Location is only one string field in this Oranization Table,
Step 2:
While the user is doing registration, the dropdown list will show the locations.. Now, user selects India, then this value (Location Name) should store in the UserLogin Table...
Now how to read the value from the dropdown and i hope you understand my question and thanks in advance
I would use view models:
public class RegisterViewModel
{
public string LocationName { get; set; }
public IEnumerable<SelectListItem> Locations { get; set; }
}
then a controller action that will serve the view:
public ActionResult Index()
{
var model = new RegisterViewModel();
model.Locations = new SelectList(dbcontext.Organization_Details, "OName", "OLocation");
return View(model);
}
then the corresponding strongly typed view:
#model RegisterViewModel
#using (Html.BeginForm())
{
#Html.LabelFor(x => x.LocationName)
#Html.DropDownListFor(x => x.LocationName, Model.Locations)
<button type="submit">OK</button>
}
and finally the controller action that will be invoked when the form is submitted:
[HttpPost]
public ActionResult Index(RegisterViewModel model)
{
// model.LocationName will contain the selected location here
...
}
I send a BOOKVIEWMODEL with fields and a simple IEnumerable in view I get the this list IEnumerable in the view by a method with JSON AJAX in view and I fill my table Ristourne(View) with JQUERY it works very well but I not know how I fill (BIND or refresh) the list IEnumerable of my BOOKVIEWMODEL in the VIEW to recovered it in the Controller:
[HttpPost]
public ActionResult Create(BookViewModel _bookViewModel)
{
if (ModelState.IsValid)
{
_bookViewModel.Ristourne
return RedirectToAction("Index");
}
return View(_bookViewModel);
my bookviewmodel
public class BookViewModel
{
public String book { get; set; }
public String price { get; set; }
public IEnumerable<Ristourne> Ristourne { get; set; }
}
For the model binding to work, you need to "mimic" the convention MVC uses when generating the form fields.
I don't know the contents of the Ristourne class, but let's say it had 1 field called Foo.
In that case, when you render out the elements (from the JSON AJAX callback), make them look like this:
<input type="text" name="Model.Ristourne[0].Foo" id="Model.Ristourne[0].Foo"/>
<input type="text" name="Model.Ristourne[1].Foo" id="Model.Ristourne[1].Foo"/>
<input type="text" name="Model.Ristourne[2].Foo" id="Model.Ristourne[2].Foo"/>
And so on. Easiest thing to do is in your AJAX callback, just use a basic for loop to create the elements indexer.
Altenatively, a cheat/easy way around this problem would be to make your AJAX action return a PartialViewResult:
public PartialViewResult Book()
{
var ristournes = _repo.Get();
var model = new BooksViewModel { Ristourne = ristournes };
return PartialView(model);
}
Then the partial view:
#Html.EditorFor(model => mode.Ristourne)
Then MVC will create the form fields correctly.
I always prefer this option over dynamically generated form fields. If you want to go down this path often, you should consider something like Knockout.js and/or Upshot.
I have a model which contains a list of another model.
Let's say I have a MovieModel:
public class MovieModel
{
public int MovieId { get; set; }
public string Title { get; set; }
public string Director { get; set; }
}
Then I have the RentalModel:
public class RentalModel
{
public int RentalId { get; set; }
public string CustomerId { get; set; }
public List<MovieModel> Movies { get; set; }
}
Then I have a place where all the rentals are displayed, which by clicking on the rental, its details will be displayed, from the "ShowRentals.aspx" to "ShowRentalDetails.aspx"
<% using (Html.BeginForm()) { %>
<% foreach(var rent in Model) { %>
<div class="editor-label">
<div class="editor-field">
<%: rent.RentalId %>
<%: Html.ActionLink("Details", "ShowRentalDetails",
new {rentalId = rent.RentalId,
customerId = rent.CustomerId,
movies = rent.Movies,
})%>
When I debug, I see that the Movies list is always null. This is because only primitive parameters are passed successfully, such as the Ids. I was never able to pass complex types. I really need this list to be passed on to the controller. Is it maybe because the actionlink is not capable? What other work-arounds can I do? I've been stuck on this for a while.
Nevermind the bare code here, this is just to show you what I'm doing with the list. Please help.
(follow up)
In the Controller, here's the two actions, ShowRentals and ShowRentalDetails:
public ActionResult ShowRentals()
{
MembershipUser user = Membership.GetUser(User.Identity.Name, true);
Guid guid = (Guid)user.ProviderUserKey;
Entities dataContext = new Entities();
Member member = dataContext.Members.Where(m => m.UserID == guid).First();
IEnumerable<RentalModel> toReturn = from r in member.Rentals
select new RentalModel
{
RentalId = m.RentalID,
CustomerId = m.CustomerID,
};
return View(toReturn);
}
[Authorize]
public ActionResult ShowRentalDetails(RentalModel model, List<MovieModel> movies)
{
return View("ShowRentalDetails", model);
}
I can't set it in ShowRentals because the array of movies in the database is of Movie type and not MovieModel, so the two lists are not compatible. It is null in the model when passed from ShowRentals view and the model is reconstructed by mvc, and it also doesn't work when explicitly passed from the actionlink as a parameter. help!
I believe Html.ActionLink performs a GET and you can't pass complex data types using a GET.
If you could refetch the movie list in your ShowRentDetails controller by using the rental id I think that would be best.
Otherwise, you could look up EditorFor templates. If you make an editorfor template for MovieModel and post a RentalModel to ShowRentDetails then you could get the MovieModel list that way.
See http://weblogs.asp.net/shijuvarghese/archive/2010/03/06/persisting-model-state-in-asp-net-mvc-using-html-serialize.aspx for another way.
On a side note, theres no need to make
List<MovieModel> movies
a second parameter in ShowRentDetails when it's already included in the model
Source: ASP.NET MVC - Trouble passing model in Html.ActionLink routeValues
It is clear you cant pass complex view models through action link. There is a possibility to pass simple objects which does not have any complex properties. There is another way you can do as multiple submit buttons and do a post to controller. Through the submit you have possibilities to post complex view models