Generate a new CSRF token on each request in an MVC Ajax POST call (custom code). Note: ASP.NET MVC ships anti-forgery support (`@Html.AntiForgeryToken()` with `[ValidateAntiForgeryToken]`); the hand-rolled scheme below is only worth it when you need per-request token rotation that the built-in helper does not give you.
Step 1: In the controller, add the code below to generate a new random token and store it in the session.
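/// <summary>
/// Generates a fresh 64-byte random token, stores it in the session under
/// "CSRFtoken" and returns it so the caller can embed it in the view.
/// </summary>
/// <returns>The Base64-encoded token that was just written to the session.</returns>
protected string GenerateCSRFToken()
{
    // RandomNumberGenerator.Create() returns the platform CSPRNG and is disposed
    // after use. The original passed "Add Your Salt String" to the
    // RNGCryptoServiceProvider(string) constructor: that parameter names a crypto
    // provider, not a salt, and a CSPRNG takes no salt, so the string added
    // nothing to the randomness and only misled readers.
    var tokenData = new byte[64];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenData);
    }

    // Base64 output never contains whitespace, so the old Trim() on the stored
    // copy was a no-op; storing and returning the identical string keeps the
    // session value and the value sent to the view guaranteed equal.
    var token = Convert.ToBase64String(tokenData);
    Session["CSRFtoken"] = token;
    return token;
}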
Step 2: In the controller, generate a new token and pass it to the view through ViewData.
/// <summary>
/// Renders the page with a freshly generated CSRF token exposed to the view
/// through ViewData["CSRFtoken"]; GenerateCSRFToken() writes the same value
/// to the session so the next POST can be checked against it.
/// </summary>
public ActionResult Index()
{
    // One token per page render; the view copies it into a hidden field.
    string freshToken = GenerateCSRFToken();
    ViewData["CSRFtoken"] = freshToken;
    return View();
}
Step 3: In the view, create a hidden field and assign the ViewData value to it.
<!-- Hidden field the Ajax call reads the token from and the success callback rewrites.
     NOTE(review): this relies on Razor HTML-encoding the @ output inside the attribute;
     keep the token in a hidden field and never put it in a URL, where it would land in
     logs and browser history. -->
<input type="hidden" value="@ViewData["CSRFtoken"]" id="hdnCSRFtoken" />
Step 4: In the view, read the hidden field value and send it as a parameter of the Ajax POST.
<script type="text/javascript">
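// Wraps the "name" value as a JSON string before it is posted. Declared with var
// so it is no longer created as an implicit (assignment-only) global.
var ConvertToStringify = function (data) {
    data.name = JSON.stringify(data.name);
    return data;
};

$(document).ready(function () {
    $("#btnAjaxJsonSubmit").click(function (event) {
        var myname = $('#txtName').val();
        // Read the token at click time so the rotated value written by the
        // previous success callback is the one that gets sent.
        var token = $('#hdnCSRFtoken').val();
        $.ajax({
            url: '@Url.Action("Create", "CSRFAjaxwithJsonStringify")',
            type: "POST",
            data: ConvertToStringify({ name: myname, token: token }),
            dataType: "json",
            traditional: true,
            async: true,
            success: function (response) {
                // Only rotate the stored token when the server actually issued
                // one. A failed validation also arrives here (HTTP 200, no
                // CSRFNewToken); unconditionally assigning it overwrote the
                // field with undefined, so every later request failed too.
                if (response.CSRFNewToken) {
                    $('#hdnCSRFtoken').val(response.CSRFNewToken);
                }
                alert(response.Message);
            },
            error: function (xhr) {
                // The leftover "debugger" statement was removed; it halted
                // execution whenever dev tools were open.
                alert(xhr.status);
            }
        });
    });
});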
</script>
Step 5: In the controller, check that the posted token is present and matches the session value (compare in constant time), then on success generate a new token and return it to the view.
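// NOTE(review): mark this action [HttpPost] so it cannot be invoked with GET;
// the Ajax caller only ever POSTs to it.
/// <summary>
/// Validates the token posted by the Ajax call against the one held in the
/// session. On success a new token is generated (rotating the session value)
/// and returned so the client can use it for the next request.
/// </summary>
/// <param name="name">Echoed back in Message on success (the client sends it JSON-stringified).</param>
/// <param name="token">Token read from the hidden field on the page.</param>
/// <returns>JSON with Success and Message, plus CSRFNewToken on success.</returns>
public JsonResult Create(string name, string token)
{
    var sessiontoken = Session["CSRFtoken"] as string;

    // Convert.ToString(null) yields "", so with no token in the session the old
    // check degenerated to comparing the posted value against an empty string.
    // Reject a missing or empty value on either side before comparing at all.
    if (string.IsNullOrEmpty(sessiontoken) || string.IsNullOrEmpty(token)
        || !ConstantTimeEquals(token, sessiontoken))
    {
        // Status stays 200 so the existing success callback still receives
        // Message; a 403 would be the more conventional signal for a rejected token.
        return Json(new { Success = false, Message = "Failed" });
    }

    // Rotate: each token is accepted once. Concurrent Ajax requests from the
    // same page race here and only the first one to arrive wins.
    var newtoken = GenerateCSRFToken();
    return Json(new { Success = true, Message = name, CSRFNewToken = newtoken });
}

// Constant-time string comparison so response timing does not leak how many
// leading characters of a guessed token matched. Token length is fixed and
// public, so returning early on a length mismatch gives nothing away.
// (CryptographicOperations.FixedTimeEquals does the same where it is available.)
private static bool ConstantTimeEquals(string a, string b)
{
    if (a.Length != b.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}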
Step 6: In the view, store the new token in the hidden field when the call succeeds. This is the same script as Step 4; the success callback performs the update.
<script type="text/javascript">
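// Wraps the "name" value as a JSON string before it is posted. Declared with var
// so it is no longer created as an implicit (assignment-only) global.
var ConvertToStringify = function (data) {
    data.name = JSON.stringify(data.name);
    return data;
};

$(document).ready(function () {
    $("#btnAjaxJsonSubmit").click(function (event) {
        var myname = $('#txtName').val();
        // Read the token at click time so the rotated value written by the
        // previous success callback is the one that gets sent.
        var token = $('#hdnCSRFtoken').val();
        $.ajax({
            url: '@Url.Action("Create", "CSRFAjaxwithJsonStringify")',
            type: "POST",
            data: ConvertToStringify({ name: myname, token: token }),
            dataType: "json",
            traditional: true,
            async: true,
            success: function (response) {
                // Only rotate the stored token when the server actually issued
                // one. A failed validation also arrives here (HTTP 200, no
                // CSRFNewToken); unconditionally assigning it overwrote the
                // field with undefined, so every later request failed too.
                if (response.CSRFNewToken) {
                    $('#hdnCSRFtoken').val(response.CSRFNewToken);
                }
                alert(response.Message);
            },
            error: function (xhr) {
                // The leftover "debugger" statement was removed; it halted
                // execution whenever dev tools were open.
                alert(xhr.status);
            }
        });
    });
});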
</script>