BIT 286: Web Applications Lecture 04 : Thursday, January 15, 2015 ASP.Net MVC -

1 BIT 286: Web Applications Lecture 04 : Thursday, January 15, 2015 ASP.Net MVC -

2 Examining the Edit Methods and Edit View
- https://docs.asp.net/en/latest/tutorials/first-mvc-app/controller-methods-views.html
- Using Entity Framework attributes to annotate model fields
- Using the Tag helpers (to generate path via routing)
- Postbacks
- 2nd method with bound object
- Redirecting
- Anti-forgery token

3 Using EF attributes to better define DB table

    using System;
    using System.ComponentModel.DataAnnotations;
    using System.Data.Entity;

    namespace MvcMovie.Models
    {
        public class Movie
        {
            public int ID { get; set; }
            public string Title { get; set; }

            [Display(Name = "Release Date")] // default was "ReleaseDate"
            [DataType(DataType.Date)]
            public DateTime ReleaseDate { get; set; }

            public string Genre { get; set; }
            public decimal Price { get; set; }
        }

        public class MovieDBContext : DbContext
        {
            public DbSet<Movie> Movies { get; set; }
        }
    }

4 Using EF attributes to better define DB table

    using System;
    using System.ComponentModel.DataAnnotations;
    using System.Data.Entity;

    namespace MvcMovie.Models
    {
        public class Movie
        {
            public int ID { get; set; }
            public string Title { get; set; }

            [Display(Name = "Release Date")] // default was "ReleaseDate"
            [DisplayFormat(DataFormatString = "{0:yyyy-MM-dd}", ApplyFormatInEditMode = true)]
            public DateTime ReleaseDate { get; set; }

            public string Genre { get; set; }
            public decimal Price { get; set; }
        }

        public class MovieDBContext : DbContext
        {
            public DbSet<Movie> Movies { get; set; }
        }
    }

5 C# Attributes (aka “Annotations” in Java)
- “C# provides a mechanism for defining declarative tags, called attributes, which you can place on certain entities in your source code to specify additional information.”
  - “Entities” – classes, methods, instance variables, etc.
- “The information that attributes contain can be retrieved at run time through reflection. You can use predefined attributes or you can define your own custom attributes.” -- MSDN
- NUnit used these ([Test], [TestFixture], [Category], etc.)

6 Date formats
- There’s a page for the DisplayFormat attribute
- According to the docs, this can use
  - Various standard formatting codes for C#’s date&time types
  - Custom formats (This is what the page is using)
- For example, "{0:dddd, MMMM d, yyyy}" will produce: Friday, January 1, 1999

7 Tag Helpers

8 MVC 6 Anchor Tag Helper
- In Views/Movies/Index.cshtml:
  Edit | Details | Delete
- This generates:
  Edit | Details | Delete

9 MVC 6 Anchor Tag Helper
- In Views/Movies/Index.cshtml: Edit
- This generates: Edit
- This actually builds the path based on the routing info in Startup.cs/Configure()
  - Routes
  - You can change your routing and all the links will change
- You can choose a different controller with asp-controller="Product"
- You can pass parameters via asp-route-
  - Parameter must be specified in the route (in Startup.cs/Configure())

10 MVC 6 Anchor Tag Helper: Named Routes
- “Another option is to specify the controller and action using a named route. For example, if your application had a route named login defined as follows in your MVC route configuration:

    routes.MapRoute(
        name: "login",
        template: "login",
        defaults: new { controller = "Account", action = "Login" });

- then you can bind an anchor tag to that route as follows:
  Login ”
- From http://www.davepaquette.com/archive/2015/06/01/mvc-6-anchor-tag-helper.aspx#Named_Routes

11 WE STOPPED HERE on 5/2/2016

12 How does the Edit page work?
- Go to localhost:xxxx/Movies, then click on the ‘Edit’ link for something
- The URL in the browser will be something like http://localhost:54203/Movies/Edit/2
  - This is done using an HTTP GET request
- Change something, click ‘Save’
- Browser needs to send the changed data to the same URL
  - but this time using a POST request
  - http://www.w3schools.com/tags/ref_httpmethods.asp
- When the ‘Save’ works you’ll see the Index page again

13 Controllers/MoviesController.cs
- Look at:

    // GET: Movies/Edit/5
    public IActionResult Edit(int? id)
    {
        if (id == null)
        {
            return HttpNotFound();
        }

        // SingleOrDefault returns null when no row matches; Single would throw
        // before the null check below could run.
        Movie movie = _context.Movie.SingleOrDefault(m => m.ID == id);
        if (movie == null)
        {
            return HttpNotFound();
        }

        return View(movie);
    }

- This is the action that gets executed when a GET request is made

14 Controllers/MoviesController.cs
- Look at:

    // POST: Movies/Edit/5
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Edit(Movie movie)
    {
        if (ModelState.IsValid)
        {
            _context.Update(movie);
            _context.SaveChanges();
            return RedirectToAction("Index");
        }
        return View(movie);
    }

- This is the action that gets executed when a POST request is made
- Could mark the prior method with [HttpGet], but that’s not needed because that’s the default

15 Controllers/MoviesController.cs
- Look at:

    // POST: Movies/Edit/5
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Edit(Movie movie)
    {
        if (ModelState.IsValid)
        {
            _context.Update(movie);
            _context.SaveChanges();
            return RedirectToAction("Index");
        }
        return View(movie);
    }

- [ValidateAntiForgeryToken] will prevent Cross-Site Request Forgery (CSRF, aka XSRF). Specifically, this attribute says to check that the anti-forgery token is the value that we gave to the browser (when it asked for the Edit form)

16 CSRF / XSRF Attack
- XSRF Attack:
  - Customer logs into your web site, then visits another, malicious web site
  - Malicious web site knows that the browser is storing login credentials & that it will send appropriate cookies back to your web site when browser next visits that site
  - Malicious web site creates its own form to post to your website, and is logged in with your credentials
- Antiforgery Token:
  - In addition to the cookie, ASP.Net will add a random number to each form (and it will save a copy for its later reference)
    - The number is the token
    - This is added in via
  - When a form is submitted ASP.Net checks both
    - the cookie (which the browser sends automatically)
    - the token (the random number, which the malicious site cannot get)
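Added example (not part of the original slides, and not ASP.Net's own code): a simplified C# console model of the cookie-plus-token check that slide 16 describes, run against our own form and a form hosted on another site. The class and method names and the in-memory token store are assumptions made for illustration; ASP.Net's real token format is not reproduced.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Simplified model of the cookie + form-token check described on slide 16.
// All names are hypothetical; ASP.Net's real token format and storage are not reproduced.
static class AntiForgeryModel
{
    // The server's saved copy of each token, keyed by the session cookie value.
    static readonly Dictionary<string, string> Issued = new();

    static string NewRandomValue() =>
        Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));

    // GET /Movies/Edit/2: a fresh random token goes into the form's hidden field.
    public static string IssueFormToken(string sessionCookie)
    {
        string token = NewRandomValue();
        Issued[sessionCookie] = token;
        return token;
    }

    // POST /Movies/Edit/2: the cookie arrives automatically; the token must come from the form.
    public static bool Validate(string sessionCookie, string? formToken)
    {
        if (formToken is null || !Issued.TryGetValue(sessionCookie, out string? expected))
            return false;
        // Constant-time comparison so timing does not reveal how much of a guess matched.
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expected), Encoding.UTF8.GetBytes(formToken));
    }

    static void Main()
    {
        string sessionCookie = NewRandomValue();          // set at login (constructed value)
        string formToken = IssueFormToken(sessionCookie); // embedded in our own Edit form

        // Our own form: cookie and hidden token are both present.
        Console.WriteLine($"own Edit form:       {Validate(sessionCookie, formToken)}");
        // Form hosted on another site: the browser still sends the cookie,
        // but that site could not read the token, so it is missing or guessed.
        Console.WriteLine($"cross-site, missing: {Validate(sessionCookie, null)}");
        Console.WriteLine($"cross-site, guessed: {Validate(sessionCookie, NewRandomValue())}");
    }
}
```

Only the request carrying both the cookie and the matching token is accepted, which is why the POST action needs [ValidateAntiForgeryToken] and the form needs the hidden token field.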

17 Controllers/MoviesController.cs
- Look at:

    // POST: Movies/Edit/5
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Edit(Movie movie)
    {
        if (ModelState.IsValid)
        {
            _context.Update(movie);
            _context.SaveChanges();
            return RedirectToAction("Index");
        }
        return View(movie);
    }

- ModelState.IsValid checks if the information provided is valid
- Validation is done in the client for convenience, and in the server for security

18 Controllers/MoviesController.cs
- Look at:

    // POST: Movies/Edit/5
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Edit(Movie movie)
    {
        if (ModelState.IsValid)
        {
            _context.Update(movie);
            _context.SaveChanges();
            return RedirectToAction("Index");
        }
        return View(movie);
    }

- The _context.Update(movie) and _context.SaveChanges() lines save the information into the database.

19 Controllers/MoviesController.cs
- Look at:

    // POST: Movies/Edit/5
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Edit(Movie movie)
    {
        if (ModelState.IsValid)
        {
            _context.Update(movie);
            _context.SaveChanges();
            return RedirectToAction("Index");
        }
        return View(movie);
    }

- return RedirectToAction("Index") will redirect the browser to the Index URL

20 Controllers/MoviesController.cs
- Look at:

    // POST: Movies/Edit/5
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Edit(Movie movie)
    {
        if (ModelState.IsValid)
        {
            _context.Update(movie);
            _context.SaveChanges();
            return RedirectToAction("Index");
        }
        return View(movie);
    }

- return View(movie): if the server was given invalid data, then direct the browser back to the Edit page

21 Older ways of generating links
- If you’re using MVC 5 then you don’t need the following, but it’s good to know about since it’s the way this stuff was done in the prior version(s).

22 The Html helper class
- How to link from, say, the Index page to the Details page?
- In Views/Movies/Index.cshtml

    @Html.ActionLink("Edit", "Edit", new { id=item.ID }) |
    @Html.ActionLink("Details", "Details", new { id=item.ID }) |
    @Html.ActionLink("Delete", "Delete", new { id=item.ID })

23 Html.ActionLink method
- @Html.ActionLink("Details", "Details", new { id=item.ID }) |
  - First arg is the text to put on the page
  - Second arg is the name of the method on this controller to link to
    - Movies.Details
  - Third arg is an anonymous object with info needed to build the path
- This actually builds the path based on the routing info in App_Data/RouteConfig.cs
  - You can change your routing and all the links will change
- Details at MSDN
- There are other versions if you want to link to a different controller (e.g., back to the overall home page)

