-->

How to insert data into sql server database using jquery with Preventing CSRF Attacks in asp.net MVC 4 Application

| | |
How to insert data into sql server databse using jquery with Preventing CSRF Attacks

Introduction

In the previous example we have seen that How to insert data into sql server database using jquery (post method) in asp.net MVC 4 Application. But there was not used AntiForgeryToken.
AntiForgeryToken is used for prevent CSRF (Cross Site Request Forgery) attack. CSRF is a way of hack where hacker exploits the trust of a website on the user.
Here we will see How to insert data into sql server databse using jquery with Preventing CSRF Attacks in asp.net MVC 4 Application.


Steps :

Step - 1 : Create New Project.

Go to File > New > Project > Select asp.net MVC4 web application > Entry Application Name > Click OK > Select Internet Application > Select view engine Razor > OK

Step-2: Add a Database.

Go to Solution Explorer > Right Click on App_Data folder > Add > New item > Select SQL Server Database Under Data > Enter Database name > Add.

Step-3: Create table for fetch data.

Open Database > Right Click on Table > Add New Table > Add Columns > Save > Enter table name > Ok.
In this example, I have used one tables as below


Step-4: Add Entity Data Model.

Go to Solution Explorer > Right Click on Project name form Solution Explorer > Add > New item > Select ADO.net Entity Data Model under data > Enter model name > Add.
A popup window will come (Entity Data Model Wizard) > Select Generate from database > Next >
Chose your data connection > select your database > next > Select tables > enter Model Namespace > Finish.

Step-5: Apply Validation On Model.

Open your model and add validation. Please follow below code

  1.             
  2. namespace MVCAjaxSave
  3. {
  4.  using System;
  5.  using System.Collections.Generic;
  6.  using System.ComponentModel.DataAnnotations;
  7.  
  8.  public partial class ContactInfo
  9.  {
  10.   public int ID { get; set; }
  11.   [Required(ErrorMessage="Contact Name required!", AllowEmptyStrings=false)]
  12.   public string ContactName { get; set; }
  13.   [Required(ErrorMessage="Contact No required!", AllowEmptyStrings=false)]
  14.   public string ContactNo { get; set; }
  15.  }
  16. }

Step-6: Add a new Controller.

Go to Solution Explorer > Right Click on Controllers folder form Solution Explorer > Add > Controller > Enter Controller name > Select Templete "empty MVC Controller"> Add.

Step-7: Add new action into your controller for save data.

Here I have added "Save" Action into "Ajax" Controller. Please write this following code

  1.              
  2. public ActionResult Save()
  3.  {
  4.   return View();
  5.  }

Step-8: Add view for the Action & design.

Right Click on Action Method (here right click on form action) > Add View... > Enter View Name > Select View Engine (Razor) > Check "Create a strong-typed view" > Select your model class > Add.
[N:B:Please Rebuild solution before add view.]

Step-9: Add jquery code for save data to the server.

Jquery Code 
  1.                 
  2. <script>
  3.  $(document).ready(function () {
  4.   $("#AjaxPost").click(function () {
  5.    $("#content").html("<b>Please Wait...</b>");
  6.  
  7.    var dataObject = {
  8.     ContactName: $("#ContactName").val(),
  9.     ContactNo : $("#ContactNo").val()
  10.    };
  11.    // Here Add validation token with dataObject
  12. dataObject.__RequestVerificationToken = $("input[name=__RequestVerificationToken]").val();
  13. $.ajax({
  14.     url: "@Url.Action("Save","Ajax")",
  15.     type: "POST",
  16.     data: dataObject,
  17.     dataType: "json",
  18.     success: function (data) {
  19.      if (data.toString() == "Successfully Saved!") {
  20.       $("#ContactName").val('');
  21.       $("#ContactNo").val('');
  22.       $("#content").html("<div class='success'>"+data+"</div>");
  23.      }
  24.      else {
  25.       $("#content").html("<div class='failed'>" + data + "</div>");
  26.      }
  27.     },
  28.     error: function () {
  29.      $("#content").html("<div class='failed'>Error! Please try again</div>");
  30.     }
  31.    });
  32.  
  33.   });
  34.  });
  35. </script>
Complete View 
  1.             
  2. @model MVCAjaxSave.ContactInfo
  3.  @{
  4.   ViewBag.Title = "Ajax Save - Contact Info";
  5.  }
  6.  
  7.  <style>
  8.   .success {
  9.    border:solid 1px rgb(13,109,0);
  10.    width:300px;
  11.    padding:5px;
  12.    background-color:rgb(215,255,218);
  13.   }
  14.   .failed {
  15.  
  16.  
  17.    border:solid 1px red;
  18.    width:300px;
  19.    padding:5px;
  20.    background-color:rgb(255,229,229);
  21.   }
  22.  </style>
  23.  
  24.  <h2 style="font-size:12pt; font-weight:bold;">Ajax Save - Contact Info</h2>
  25.  
  26.  @using (Html.BeginForm()) {
  27.   @Html.ValidationSummary(true)
  28.   @Html.AntiForgeryToken()
  29.   <fieldset style="background-color:#ffffff">
  30.    <legend>Contact Info</legend>
  31.    <div style="padding:20px;">
  32.     <div class="editor-label">
  33.     Contact Name
  34.    </div>
  35.    <div class="editor-field">
  36.     @Html.EditorFor(model => model.ContactName)
  37.     @Html.ValidationMessageFor(model => model.ContactName)
  38.    </div>
  39.  
  40.    <div class="editor-label">
  41.     Contact No
  42.    </div>
  43.    <div class="editor-field">
  44.     @Html.EditorFor(model => model.ContactNo)
  45.     @Html.ValidationMessageFor(model => model.ContactNo)
  46.    </div>
  47.  
  48.    <p>
  49.     <input type="button" value="Save" id="AjaxPost"/>
  50.    </p>
  51.    <div id="content">
  52.  
  53.    </div>
  54.     </div>
  55.   </fieldset>
  56.  }
  57.  
  58.  <div>
  59.   @Html.ActionLink("Back to List", "Index")
  60.  </div>
  61.  
  62.  @section Scripts {
  63.   @Scripts.Render("~/bundles/jqueryval")
  64.   <script>
  65.    $(document).ready(function () {
  66.     $("#AjaxPost").click(function () {
  67.      $("#content").html("<b>Please Wait...</b>");
  68.  
  69.      var dataObject = {
  70.       ContactName: $("#ContactName").val(),
  71.       ContactNo : $("#ContactNo").val()
  72.      };
  73.      // Here Add validation token with dataObject
  74.      dataObject.__RequestVerificationToken = $("input[name=__RequestVerificationToken]").val();
  75.      $.ajax({
  76.       url: "@Url.Action("Save","Ajax")",
  77.       type: "POST",
  78.       data: dataObject,
  79.       dataType: "json",
  80.       success: function (data) {
  81.        if (data.toString() == "Successfully Saved!") {
  82.         $("#ContactName").val('');
  83.         $("#ContactNo").val('');
  84.         $("#content").html("<div class='success'>"+data+"</div>");
  85.        }
  86.        else {
  87.         $("#content").html("<div class='failed'>" + data + "</div>");
  88.        }
  89.       },
  90.       error: function () {
  91.        $("#content").html("<div class='failed'>Error! Please try again</div>");
  92.       }
  93.      });
  94.  
  95.     });
  96.    });
  97.   </script>
  98.  }
  99.  

Step-10: Add another action into your controller for Save Data to the server.

Here I have added "Save" Action into "Ajax" Controller for POST Action. Please write this following code

  1.                 
  2. [HttpPost]
  3. [ValidateAntiForgeryToken]
  4. public ActionResult Save(ContactInfo CI)
  5. {
  6.  
  7.  string message = "";
  8.  if (ModelState.IsValid)
  9.  {
  10.   try
  11.   {
  12.    using (MyDatabaseEntities dc = new MyDatabaseEntities())
  13.    {
  14.     dc.ContactInfoes.Add(CI);
  15.     dc.SaveChanges();
  16.  
  17.     message = "Successfully Saved!";
  18.    }
  19.   }
  20.   catch (Exception ex)
  21.   {
  22.    message = "Error! Please try again.";
  23.   }
  24.  }
  25.  else
  26.  {
  27.   message = "Please provide required fields value.";
  28.  }
  29.  if (Request.IsAjaxRequest())
  30.  {
  31.   return new JsonResult { Data = message, JsonRequestBehavior = JsonRequestBehavior.AllowGet };
  32.  }
  33.  else
  34.  {
  35.   ViewBag.Message = message;
  36.   return View(CI);
  37.  }
  38. }

Step-11: Run Application.


Download Application     Live Demo


Related Post :
  1. How to insert data into sql server databse using jquery (post method) in asp.net
  2. How to insert data into sql server databse using jquery (post method) in asp.net MVC 4 Application.
How to insert data into sql server databse using jquery with Preventing CSRF Attacks




Hello ! My name is Sourav Mondal. I am a software developer working in Microsoft .NET technologies since 2010.

I like to share my working experience, research and knowledge through my site.

I love developing applications in Microsoft Technologies including Asp.Net webforms, mvc, winforms, c#.net, sql server, entity framework, Ajax, Jquery, web api, web service and more.

Related Posts:

Subscribe to Newsletter

Get latest article about asp.net, mvc, jquery, web api, angularjs and much more straight into your INBOX for free. Just Enter your email address, Verify and join our Newsletter!