ValidateAntiForgeryToken

Feb 3, 2011 at 6:59 AM

Hi! Does your grid supports subject method? I mean linked with @Html.AntiForgeryToken()

Coordinator
Feb 3, 2011 at 7:38 AM

Hi,

I'm not sure I understand what you mean by subject method, but as for Html.AntiForgeryToken, it really depends:

1. When using the new Local data feature, the grid doesnt require any additional requests (because it uses the View's model as it's datasource),

thus making it agnostic to the anti forgery mechanism (so yes ;))

2. When using the ListUrl property, after the view has loaded, the grid makes an additional GET request to the server to fetch the data.

In this case:

  • if the ValidateAntiForgery attribute is set on the initial controller - it should work with no problem (as it's prior to the grid)
  • If you set the ValidateAntiForgery attribute on the controller fetching the grid's data, you'll need to inject the forgery token as a querystring parameter to the ListUrl property (not much different than the solution offered here: http://tpeczek.blogspot.com/2010/05/using-antiforgerytoken-with-other-verbs.html) and that should work. I'll be honest though - I haven't tried it myself, but I could add test case to the sample project if you want.

If you try it yourself, let me (us?) know how it went.

Feb 3, 2011 at 7:56 AM

Sorry for my slang, I meant Discussion Subject as '[ValidateAntiForgeryToken]', you can find the video concerning it here http://videos.visitmix.com/MIX09/T44F

I.e.
[Authorize]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult JsonListSomething(string sidx, string sord, int page, int rows)

If we just use @Html.AntiForgeryToken() "somewhere" in the View, containing jqGrid, the scheme doesn't work and JsonListSomething rejects the request.
I think the best way is to use technology replacement as described on the given link.

Thanks for advice!

 

Feb 3, 2011 at 8:09 AM

Great work actually, thanks again for the Project.

It was really surprising to see someone is very close to your current tasks and find an interesting solution to hold all of the jqGrid creation iterations to understandable interface.

So I appreciate your efforts.

Coordinator
Feb 3, 2011 at 8:34 AM

Cheers ;)

I've managed to make a proof of concept using the solution I offered, it'll be in the sample project in the upcoming releaes.

Also, I'll make the tranfer method of the grid a customizable parameter to allow POST as well as the default GET method, so thanks for the heads up!

Feb 3, 2011 at 12:47 PM
Edited Feb 3, 2011 at 3:30 PM

What is the best way to link some from filter to MVC jqGrid? I'm not sure if that is correct question here actually...

For example if I would like to shorten grid list by i.e. dates period, what is the best way to use that filter with MVC jqGrid?

How to union events of changing  for example column order and filter submit button?

Am i clear? ((:

(updated) Now I'm using cookies but not sure if it is correct.