Archive for the ‘ASP.NET MVC’ Category

ASP.NET MVC RTM Release Available

March 19, 2009

A moment a lot of people have been waiting for has arrived: ASP.NET MVC RTM has been released!

Read more about the release on Phil Haack’s blog.  You can also find some extra information about last minute changes (mostly to T4 templates) here: Visual Web Developer Team Blog.

And most important of all, links to the new goodies:

ASP.NET MVC 1.0 download (The Futures download can be found on the same page).

ASP.NET MVC 1.0 source code download

Have fun with the new toys. :)

If you found this post helpful, please click below to “Kick” it:

kick it on DotNetKicks.com

ASP.NET MVC RenderPartial Compiler Error

March 4, 2009

Am I the only person who can stare at a piece of code for ten minutes and not notice the obvious?  I was trying to use the HtmlHelper.RenderPartial method tonight, using the code fragment below:

<%= Html.RenderPartial(
    "~/Views/Shared/ProductSummary.ascx", product) %> 

For those of you who are just getting started with a more recent version of ASP.NET MVC, the RenderPartial method replaces the RenderUserControl method in previous versions.  Anyway, I got this compiler error:

"Cannot implicitly convert type 'void' to 'object'."

It took me TEN minutes to figure out what was wrong...  The RenderPartal method does not return a string, but void.  So, I should have used the following code fragment:

<% Html.RenderPartial(
    "~/Views/Shared/ProductSummary.ascx", product); %>

So, if you get a similar compiler error and don't see what is wrong, there are two differences, because the method returns void and not a string, as most HtmlHelper methods do:

  1. You have to use <% instead of <%=
  2. You have to put a ; after the closing ) of the RenderPartial statement

If you found this post helpful, please click below to "Kick" it:

kick it on DotNetKicks.com

ValidateInput Attribute and ASP.NET MVC

February 18, 2009

ASP.NET has built-in request validation in order to prevent security issues such as Cross Site Scripting.  If you have a form with an editor such as TinyMCE on it and perform a postback, ASP.NET will present you with an error page:

“A potentially dangerous Request.Form value was detected from the client…”

In order to prevent this error mesage, you can disable Request Validation by disabling it in your web.config file (for all the files in that location) or by adding a Page directive to specific pages: 

<%@ Page ValidateRequest="false" ... %>

Today I was working on an ASP.NET MVC application in which I needed to integrate TinyMCE, and was surprised to see that neither the Page directive nor the web.config adjustment solved this problem.   Eventually, Google helped me find the solution.

In order to disable request validation in ASP.NET MVC, you need to add a ValidateInput attribute to your controller's method, as shown in the code fragment below:

[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]
public ActionResult Edit(string editor)
{
   ViewData["editor"] = editor;  
   return View();
}

Works like a charm...  However, do note that you may need to implement your own request validation in order to prevent users from using the text editor to execute malicious scripts.

If you found this post helpful, please click below to "Kick" it:

kick it on DotNetKicks.com


Follow

Get every new post delivered to your Inbox.