Antiforgerytoken MVC C# search form - c#

I have a search box on my site.
The controller looks like this:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult SearchResults(SearchModel model)
{
View:
<div class="siteSearch clearfix" role="search">
<form id="HeaderSearchForm">
@Html.AntiForgeryToken()
<label for="tbSiteSearch">Search:</label>
<input type="text" id="tbSiteSearch" name="tbSiteSearch" class="text" />
<button type="submit" class="btn submit">
<i class="icon-search"></i>
</button>
</form>
</div>
So when I do a search, I can see the hidden label with the Anti Forgery Token present. This all works as expected because if I take a blank html page, copy the form code and leave the '__RequestVerificationToken' blank, I get told that the token hasn't been set and the search doesn't run. Which is what I would expect.
The issue I have is if I submit a search, copy the token from my site and place it in to my blank html page e.g.
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://www.adomainname.co.uk/Search/SearchResults/" method="POST">
<input type="hidden" name="SearchTerm" value="testing" />
<input type="hidden" name="__RequestVerificationToken" value="theverificationtokengoeshere" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
The request is submitted - even if I am running the above code on localhost. I would have expected the form to not submit as it was coming from a different domain. Am I misunderstanding how this should work?
If I refresh the page and resubmit I'm obviously allocated a new AFT and so the submit fails again, but this doesn't feel right.
Ideally I would prefer the form action to only run on the domain it's on and not be able to execute the action from another site. I thought using AntiForgeryToken prevents Cross-Site Request Forgery.
If any of this is unclear, please let me know and I'll explain more.
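The three submissions described above, replayed against a simplified model of the check, as an added example that is not part of the original post and not ASP.NET's own code. ValidateAntiForgeryToken pairs the hidden form field with a token cookie held by the same browser and does not look at which page sent the request; the class name, the HMAC pairing and the key below are assumptions chosen for illustration, and the code assumes a .NET Core 2.1 or later console project.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Simplified, hypothetical model of a cookie/form token pair check (not ASP.NET's code).
static class AntiForgeryModel
{
    // Constructed demo key; a real server keeps its key secret.
    static readonly byte[] ServerKey = Encoding.UTF8.GetBytes("constructed-demo-key");

    // Issue a random cookie token and a form token derived from it.
    public static (string Cookie, string Form) Issue()
    {
        var raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string cookie = Convert.ToBase64String(raw);
        return (cookie, Sign(cookie));
    }

    static string Sign(string cookie)
    {
        using (var hmac = new HMACSHA256(ServerKey))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(cookie)));
    }

    // Accept only when the form token pairs with the cookie the browser sent.
    // Nothing here inspects Origin or Referer.
    public static bool Validate(string cookie, string form)
    {
        if (string.IsNullOrEmpty(cookie) || string.IsNullOrEmpty(form)) return false;
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(Sign(cookie)), Encoding.UTF8.GetBytes(form));
    }
}

static class Program
{
    static void Main()
    {
        var mine = AntiForgeryModel.Issue();   // pair held by the user's own browser
        var other = AntiForgeryModel.Issue();  // pair issued to a different browser
        // Copied form with the token left blank (the browser still sends its cookie).
        Console.WriteLine("blank token: " + AntiForgeryModel.Validate(mine.Cookie, ""));
        // Own token pasted into a local page: it still pairs with the browser's own cookie.
        Console.WriteLine("own token, own cookie: " + AntiForgeryModel.Validate(mine.Cookie, mine.Form));
        // Forged page: the user's cookie rides along, but the form token came from elsewhere.
        Console.WriteLine("foreign token, own cookie: " + AntiForgeryModel.Validate(mine.Cookie, other.Form));
    }
}
```

The protection rests on a third-party page being unable to read the token that pairs with the visitor's cookie, not on the server rejecting requests by origin.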

Related

How to Redirect to new URL during form submission in ASP.NET MVC

When I am trying to submit a form with action url, I am not able to redirect to that particular url. The URL contains 6 query string parameters (JWT token etc). The URL char length is around 9000.
Current URL: http://localhost:2712/Record/Value
Trying to redirect to: https://
I have tried to redirect from controller but I am getting the following error
Refused to load the script 'http://localhost:61962/' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Passing the url with Query string parameters from Controller to a partial view.
@model LaunchModel
<div><form id="idForm" action="@Model.Url" method="post">
<input type="submit" value="Submit" />
</form>
<script>
document.getElementById("idForm").submit();
</script></div>
Tried with hidden parameter as well
@model LaunchModel
<div><form id="idForm" action="@Model.Url" method="post">
<input type="hidden" name="token" value="@Model.token" />
<input type="hidden" name="val" value="@Model.val" />
.
.
<input type="submit" value="Submit" class="d-none" />
</form>
<script>
document.getElementById("lti1p3RequestForm").submit();
</script></div>
Please help.

How to post to the controller?

I am trying to post data from a web form to the controller in my asp.net application so that I can authenticate the credentials which the user has entered.
My code for the web form looks like this; at the bottom of this code there is a submit button.
<form action="~/Controller" method="post">
<fieldset>
<legend> Enter your details</legend>
<div>
<label for="name ">name </label>
<input type="text" name="name" value=""/>
When I run the code and then press the submit button I get an error 405, which is because an HTTP method is not allowed. This is the code I have in the controller file. Is the error because I have made a mistake in the web form, or is it because of an error in the controller file?
[HttpPost]
public void MyAction(string telephone, string emailadress, string name )
{
}
You can use tag helpers, as seen below. Documentation: https://learn.microsoft.com/en-us/aspnet/core/mvc/views/working-with-forms?view=aspnetcore-5.0
<form asp-controller="Home" asp-action="MyAction" method="post">
<!-- Input and Submit elements -->
</form>

ASP.net Webforms HTML5 "required" not working

I am quite new to ASP.NET, I am trying to use the HTML5 required attribute on a textbox.
<form action="/../.." method="post" style="margin-bottom: 20px;" id="testform">
<input type="text" name="Username" required="required">
<input type="submit" class="btn btn-primary" value="Sign In" name="Submit"/>
</form>
When I submit my form without filling the textbox with data, it doesn't show any error message:
When I inspect my form, I see a class has been added by required, but no error message shows:
The same code works fine in JSFiddle; check it out here

PageData fails to pass data in WebMatrix

I am building a website with WebMatrix. I would like users to enter their name in the main page and after redirection their name will be shown in the results of another form. But my code is not working.
This is a snippet of the main page:
@{
if (IsPost) {
PageData["fullname"] = String.Format("{0} {1}", Request.Form["mainForename"], Request.Form["mainSurname"]);
PageData["redir"] = Request.Form["goTo"];
}
}
<form name="mainForm" id="mainForm" method="post" action="foo.cshtml" onsubmit="return mainValid(this);">
<h2>Please enter your name:</h2>
<label for="mainForename" class="label">Forename:</label>
<input type="text" name="mainForename" id="mainForename">
<label for="mainSurname" class="label">Surname:</label>
<input type="text" name="mainSurname" id="mainSurname">
<input type="submit" name="goTo" value="Go to Form 1">
<input type="submit" name="goTo" value="Go to Form 2">
</form>
This is a snippet of the page that the main page directs to:
@{
if (IsPost) {
var display = PageData["fullname"];
}
}
<form name="form1" id="form1" method="post" onsubmit="return Valid(this);">
<!-- some HTML code -->
<input type="submit" name="submit" value="Get results">
<p>@Html.Raw(display)</p>
</form>
But whatever value I have submitted in the mainForm, PageData["fullname"] and PageData["redir"] seem to have no values. What is the problem?
Any help would be appreciated.
I think PageData is only useful when combining subpages into a single page.
Instead, try the Session object where you are using PageData. Session will be available for all that user's pages.
So where you have PageData["fullname"] use Session["fullname"]
For more details, see http://www.mikesdotnetting.com/article/192/transferring-data-between-asp-net-web-pages
I find some things that are not quite good in your code:
Why is your form action set to a cshtml file? It has to be an action in a controller;
Why are you using a "hardcoded" form tag? Use @using(@Html.BeginForm('name', 'action', 'controller'...)
Why do you need WebMatrix? 1st - it's pretty old, 2nd - it's for grids - you have a form.
Use a model, and use @Html.TextBoxFor(x=>x.UserName) inside the @Html.BeginForm.
Then post the form in the action you are posting to redirect to another page that contains the 2nd Form, and have a model. The post action should look something like this
[HttpPost]
public ActionResult RedirectToAnotherForm(MyModel model)
{
// Render the second form's view, passing the posted name along in its model
return View("SecondFormView", new SecondFormModel {
userName = model.name
});
}

Paypal Express Checkout & ASP.NET

I am working on an ASP.NET + PayPal Express project.
The website only has 1 $10 product, but the customer can buy it in quantities (i.e. 1 or 4 or 20 etc.)
It's like a PayPal cart but only with 1 product with quantities.
I have searched a lot but was unable to find a suitable one.
Also I want to redirect my customer to a form after paying money on the PayPal website.
Can you just tell me the simplest method?
Also I have a few more questions:
Is using the PayPal minicart suitable for this?
Do I need to configure a PayPal Express account, and what to configure?
Thanks a lot :)
=================================================================
Update: Use the PayPal mini cart if you need simple integration
Add the cart script.js before the body tag ( https://minicart.paypal-labs.com/ )
After that, all you need is to add this code to your HTML
<div class="demo container" align="center" >
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<fieldset>
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="add" value="1">
<input type="hidden" name="business" value="#gmail.com">
<input type="hidden" name="item_name" value="Buy Our Services">
<input type="hidden" name="amount" value="6.00">
<%--<input type="hidden" name="discount_amount" value="1.00">--%>
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="return" value="https://minicart.paypal-labs.com/?success">
<input type="hidden" name="cancel_return" value="https://minicart.paypal-labs.com/?cancel">
<strong>Service</strong>
<ul>
<li>Price: $6.00</li>
</ul>
<input type="submit" name="submit" value="Add to cart" class="button">
</fieldset>
</form>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" class="last">
<fieldset>
<input type="hidden" name="business" value="#gmail.com">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="display" value="1">
<input type="submit" name="submit" value="View your cart" class="button">
</fieldset>
</form>
</div>
Change parameter accordingly & remove link to paypal instead of sandbox
Your PayPal cart is ready to go.
If you want a more flexible solution then you should check this URL http://www.codeproject.com/KB/aspnet/paypal_c_aspnet.aspx
Thanks
Panky, are you sure it is the right way?
Customer comes to the site
Chooses product/s and quantity/ies
Before doing that you should store in session/database/cookies the info that you need and pass to PayPal only the stuff that you need, with an id or other stuff which could be used to recognize the customer too.
Then move to pay on PayPal.
Customer pays on PayPal and PayPal sends back info about the transaction
With these details you may re-create all the info that you need and can use it to complete first step back office tasks, or even you may only show some message to the customer.
Then you will wait for the IPN's (Instant Payment Notification) callback in order to make all tasks needed in backoffice automation.
This is the right way to do it.
Also you may be able to make a good exception handling in order to prevent issues within it.
