Products

Solutions

Resources

Partners

Community

About

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeDevelopment and...Development and...Building ExtensionsBuilding ExtensionsModulesModulesHow to make an action in my controller HTTP POST?How to make an action in my controller HTTP POST?
Previous
 
Next
New Post
10/17/2018 9:53 AM
 
I am trying to send a string of information to my module's backend code using a form with a submit input. The problem is that, currently, this information gets sent via HTTP GET. This means that a malicious actor could construct a URL containing invalid data that, due to this being done over HTTP GET, would cause this invalid data to get inserted into my site's database. To prevent this from happening, I added an [HttpPost] annotation to the top of the "Submit" method. However, after doing this, I now get a ModuleLoadException when I try to submit the form, complaining about there being no "Submit" action. Why does DNN expect the Submit action to be HTTP GET, and how can I change it to be HTTP POST?
 
New Post
10/18/2018 9:52 AM
 
Okay, so what I did was I replaced the plain <a href="@Url.Action("MY_ACTION", "MY_CONTROLLER)"/> with a jQuery AJAX call for this same action and controller. In the "beforeSend" section of the jQuery AJAX call, I added the following parameters
request.setRequestHeader("ModuleId", @Dnn.ModuleContext.ModuleId);
request.setRequestHeader("TabId", @Dnn.ModuleContext.TabId);
request.setRequestHeader("RequestVerificationToken", $("input[name='__RequestVerificationToken']").val());

By adding these parameters, I can verify that the request did, indeed, come from an authorized user.
To pass the data from the form to the action, I added the following section to the jQuery AJAX call:
data: JSON.stringify({ PARAM_1: param1, PARAM_2: param2 })
The complete jQuery AJAX call looks like this:
$.ajax({
url: "@Url.Action("ACTION", "CONTROLLER")",
type: 'post',
beforeSend: function (request) {
request.setRequestHeader("ModuleId", @Dnn.ModuleContext.ModuleId);
request.setRequestHeader("TabId", @Dnn.ModuleContext.TabId);
request.setRequestHeader("RequestVerificationToken", $("input[name='__RequestVerificationToken']").val());
},
success: function (data) {
var resp;
// trim response from HTML that, for some reason, gets appended to the response
if (data.indexOf('<!DOCTYPE') !== -1) {
resp = data.substring(0, data.indexOf('<!DOCTYPE'));
} else {
resp = data;
}
if (resp !== '1')
{ a l e r t('Submit failed. Error: ' + resp);
}else{
a l e r t(‘Submit succeeded.’);
},
error: function (jqXHR, exception) {
var msg = '';
if (jqXHR.status === 0) {
msg = 'Not connect.\n Verify Network.';
} else if (jqXHR.status === 404) {
msg = 'Requested page not found. [404]';
} else if (jqXHR.status === 500) {
msg = 'Internal Server Error [500].';
} else if (exception === 'rerror') {
msg = 'Requested JSON parse failed.';
} else if (exception === 'timeout') {
msg = 'Time out error.';
} else if (exception === 'abort') {
msg = 'Ajax request aborted.';
} else {
msg = 'Uncaught Error.\n' + jqXHR.responseText;
}
a l e r t('Submit failed: ' + msg);
},
data: JSON.stringify({ submitText: submitText, urlParams: urlParams })
});

Next, I added the following section to the <moduleControls> section of the module's ".dnn" manifest file:
<modulecontrol>
<controlkey>ACTION</controlkey>
<controlSrc>NAMESPACE/CONTROLLER/ACTION.mvc</controlSrc>
<supportsPartialRendering>True</supportspartialrendering>
<controlTitle/>
<controlType>View</controlType>
<iconFile/>
<helpFile/>
<viewOrder>0</viewOrder>
</modulecontrol>

Finally, in the controller, I added the following method:
[HttpPost]
public ActionResult ACTION()
{
Stream req = Request.InputStream;
req.Seek(0, System.IO.SeekOrigin.Begin);
string strData = new StreamReader(req).ReadToEnd();
List parameters = new List();
var pairs = JObject.Parse(strData);
foreach (KeyValuePair<string> pair in pairs)
{
parameters.Add(new Field { Name = pair.Key, Value = (string)pair.Value });
}
// rest of the code to save the parameters to the database
if (success) {
return Content("1"); // return this if submission succeeded
} else {
return Content("0"); // return this if submission failed
}
}

If anyone sees a problem with this, or has questions, feel free to reply or PM me.
 
Previous
 
Next
HomeHomeDevelopment and...Development and...Building ExtensionsBuilding ExtensionsModulesModulesHow to make an action in my controller HTTP POST?How to make an action in my controller HTTP POST?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out