Antiforgery Token in DataManager


Antiforgery tokens prevent requests from being submitted to your site when the posted-back data was generated by a malicious script rather than by the actual user.

For this purpose, a hidden input element with a name attribute is created, and its value is also stored in a cookie. To enable antiforgery protection, set the enableAntiForgery property to true.

  • HTML
  • <input type="hidden" name="_ejRequestVerifyToken" value="f2cd20a3-5ae1-4e19-be61-d409191be3b1">
  • HTML
  • <form>
    
        @* The "complete" and "load" handlers referenced here are not part of this snippet. *@
        <ej-grid id="FlatGrid" allow-paging="true" action-complete="complete" load="load" begin-edit="onedit">
            @* enable-anti-forgery="true" makes the DataManager render the hidden _ejRequestVerifyToken input and keep its value in a cookie (see the introduction above); edit and delete requests are posted to /Home/Update and /Home/Remove. *@
            <e-datamanager id="flatData"  json="ViewBag.data" update-url="/Home/Update" enable-anti-forgery="true" adaptor="remoteSaveAdaptor" remove-url="/Home/Remove"></e-datamanager>
    
            <e-edit-settings allow-editing="true" allow-deleting="true" allow-adding="true" edit-mode="InlineFormTemplate" inline-form-template-id="#template"></e-edit-settings>
            <e-toolbar-settings show-toolbar="true" toolbar-items="@(new List<string>() {"add","edit","delete","update","cancel" })"></e-toolbar-settings>
            <e-columns>
                <e-column field="OrderID" header-text="Order ID" is-primary-key="true" text-align="Right" width="75"></e-column>
                <e-column field="CustomerID" header-text="Customer ID" width="75"></e-column>
                <e-column field="ShipCity" header-text="Ship City" width="75"></e-column>
            </e-columns>
        </ej-grid>
        
    </form>
    @section Scripts{ 
    <script>
        function onedit(args) { 
            // NOTE(review): begin-edit handler; presumably flags the edit model's DataManager so the
            // token is sent with the resulting update request — confirm against the DataManager docs.
            args.model.dataSource.dataSource.antiForgery = true;
        }
    </script>
    }
        
    //Edit 
    @using (Html.BeginForm("FormPost", "Home", FormMethod.Post, new { id = "formData" }))
    {
        @* NOTE(review): this inline edit template posts to Home/FormPost through its own form, not through the DataManager; nothing in this snippet adds a verification token to that post — confirm how FormPost is protected. *@
        <div>
            <div>
                @Html.Label("OrderID")
            </div>
            <div>
                @* OrderID is the grid's primary key, so it is rendered read-only. *@
                @Html.TextBox("OrderID", Model.OrderID.ToString(), new { @readonly = "readonly" })
            </div><br />
            <div>
                @Html.Label("CustomerID")
            </div>
            <div>
                @Html.TextBox("CustomerID", Model.CustomerID.ToString())
    
            </div><br />
            <div>
                @Html.Label("EmployeeID")
            </div>
            <div>
                @{Html.EJ().NumericTextbox("EmployeeID").Value(Model.EmployeeID.ToString()).Render(); }
            </div><br />
    
        </div><br />
    
    
            @* The onClose click handler is not defined in this snippet. *@
            <div class="col-md-3">
                @{(Html.EJ().Button("save").Text("Save").ClientSideEvents(eve => eve.Click("onClose"))).Render();}  @*bind an event to button*@
            </div>
    
            <br />
            <br />
    @* The closing brace of the @using block is not shown on this page. *@
  • C#
  • public static List<Orders> order = new List<Orders>(); // In-memory order store shared by every request (static); seeded by BindDataSource(). NOTE(review): List<T> is not synchronized, so concurrent Update calls may race — presumably acceptable for a sample.
           
            /// <summary>
            /// Seeds the shared <c>order</c> list with sample rows: nine batches of five orders
            /// with consecutive order numbers starting at 10001. Each call appends; the list is
            /// not cleared first.
            /// </summary>
            public void BindDataSource()
            {
                var nextCode = 10000;
                for (var batch = 1; batch < 10; batch++)
                {
                    Orders[] rows =
                    {
                        new Orders(nextCode + 1, "ALs", batch, 2.3 * batch, new DateTime(1991, 05, 15), "Berlin", true),
                        new Orders(nextCode + 2, "ANATR", batch + 2, 3.3 * batch, new DateTime(1990, 04, 04), "Madrid", false),
                        new Orders(nextCode + 3, "ANTON", batch + 1, 4.3 * batch, new DateTime(1957, 11, 30), "Cholchester", false),
                        new Orders(nextCode + 4, "BLONP", batch + 3, 5.3 * batch, new DateTime(1930, 10, 22), "Marseille", true),
                        new Orders(nextCode + 5, "BOLID", batch + 4, 6.3 * batch, new DateTime(1953, 02, 18), "Tsawassen", true),
                    };
                    order.AddRange(rows);
                    // Five order numbers were consumed by this batch.
                    nextCode += 5;
                }
            }
    
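            /// <summary>
            /// Renders the grid page. Seeds the shared order list on first use and hands it to
            /// the view through <c>ViewBag.data</c>, which the e-datamanager's json attribute reads.
            /// </summary>
            /// <returns>The Index view.</returns>
            public IActionResult Index()
            {
                // Use the List<T>.Count property rather than the LINQ Count() extension.
                if (order.Count == 0)
                {
                    BindDataSource();
                }

                ViewBag.data = order;
                return View();
            }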
            
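            /// <summary>
            /// Handles the DataManager's update request (update-url="/Home/Update") by copying the
            /// posted values onto the matching in-memory order.
            /// </summary>
            /// <param name="myObject">Request body; <c>Value</c> holds the edited row.</param>
            /// <returns>
            /// The edited row as JSON; 400 when the token cookie or the body is missing; 404 when
            /// no order with the posted OrderID exists.
            /// </returns>
            public ActionResult Update([FromBody]CRUDModel<Orders> myObject)
            {
                // The DataManager stores the verification token in this cookie (it is the same value
                // as the hidden _ejRequestVerifyToken input rendered in the view).
                var token = Request.Cookies["_ejRequestVerifyToken"];
                if (string.IsNullOrEmpty(token))
                {
                    // No cookie at all means the antiforgery flow did not run for this request.
                    return BadRequest();
                }
                // NOTE(review): the cookie value on its own proves nothing about the origin of the
                // request; it still has to be compared with the token the client sends alongside the
                // request (visible in the "payload" capture below). The header name is not given on
                // this page, so that comparison is left to the application.

                var ord = myObject?.Value;
                if (ord is null)
                {
                    return BadRequest();
                }

                // The original dereferenced the lookup result unconditionally and would throw for an
                // unknown OrderID.
                var existing = order.FirstOrDefault(o => o.OrderID == ord.OrderID);
                if (existing is null)
                {
                    return NotFound();
                }

                // OrderID is the primary key (is-primary-key="true" in the view) and already matches,
                // so it is not reassigned.
                existing.EmployeeID = ord.EmployeeID;
                existing.CustomerID = ord.CustomerID;
                existing.Freight = ord.Freight;
                existing.ShipCity = ord.ShipCity;
                return Json(ord);
            }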
    
            
            
    
           
            /// <summary>
            /// One order row as displayed in the grid and posted back through the DataManager.
            /// </summary>
            public class Orders
            {
                /// <summary>Creates an order with default property values.</summary>
                public Orders()
                {
                }

                /// <summary>Creates a fully populated order.</summary>
                /// <param name="OrderId">Order number; the grid marks OrderID as its primary key.</param>
                /// <param name="CustomerId">Customer code.</param>
                /// <param name="EmployeeId">Employee number.</param>
                /// <param name="Freight">Freight amount.</param>
                /// <param name="OrderDate">Date of the order.</param>
                /// <param name="ShipCity">Destination city.</param>
                /// <param name="Verified">Verification flag.</param>
                public Orders(long OrderId, string CustomerId, int EmployeeId, double Freight, DateTime OrderDate, string ShipCity, Boolean Verified)
                {
                    OrderID = OrderId;
                    CustomerID = CustomerId;
                    EmployeeID = EmployeeId;
                    // These four share their name with the property, so the qualifier is required.
                    this.Freight = Freight;
                    this.OrderDate = OrderDate;
                    this.ShipCity = ShipCity;
                    this.Verified = Verified;
                }

                /// <summary>Order number; the grid's primary key column.</summary>
                public long OrderID { get; set; }

                /// <summary>Customer code.</summary>
                public string CustomerID { get; set; }

                /// <summary>Employee number.</summary>
                public int EmployeeID { get; set; }

                /// <summary>Freight amount.</summary>
                public double Freight { get; set; }

                /// <summary>Date of the order.</summary>
                public DateTime OrderDate { get; set; }

                /// <summary>Destination city.</summary>
                public string ShipCity { get; set; }

                /// <summary>Verification flag.</summary>
                public bool Verified { get; set; }
            }

    controller

    In the header, you can find the anti-forgery token value.

    payload