Delete Record from an ActionLink

Last post 11-05-2009 8:58 AM by bradwils. 7 replies.

Sort Posts:

  • Delete Record from an ActionLink

    11-04-2009, 3:18 PM
    • Member
      72 point Member
    • daveh551
    • Member since 02-23-2008, 3:38 AM
    • Posts 78

    I've got a fairly common scenario, but I can't quite figure it  out.

    My app deals with an individual subscriber.  Subscribers can have a list of contact addresses, and also, separately, a list of another property.  So on the  subscriber page, I have two different fieldsets, each with a list, and a "Create New" button. The Contacts are maintained by the Contacts controller, and the other property is maintained by a different controller.

    The list of contacts is displayed using a standard foreach loop with a table/tr/td hierarchy.  I want the capability for each contact in the list, to be able to delete it, so  I have a Delete action in my ContactsController, and  create an ActionLink in the rightmost cellof each row:

    <%= Html.ActionLink("Delete", "Delete", "Contacts", new {id= contact.Id}, null) %>

    Which works, EXCEPT that, I read once, and understand, it's NOT a good idea to have a Delete action reachable by an HTTP GET request, since any arbitrary person (or robot) can go in and delete anything they want.

    I tried to implement it using an Ajax.ActionLink with an AjaxOptions object with the HttpMethod set to  Delete, as described in the ASP.NET MVC Tuturial   But my Delete method in Contacts is returning a RedirectToAction result back to the Subscribers/Index action.  Since Ajax is trying to do a partial  update, it appears to ignore the redirect to action (which reconstitutes the now-modified contact list), and appears to simply re-display the original page, including the deleted contact.  So I  really would  like to  do  the equivalent of that tutorial (including the Confirmaton alert) without using Ajax.  In other words, do an ActionLink, but provide some parameter to make it use at least a POST, and preferably a DELETE HTTP method.  But I can't find anything that  will let me do that.  (BTW, I can't just return the PartialView as was done in the tutorial because the delete method is in the ContactsController, and  view that I need to go back to is in the SubscribersController. PartialView will accept a view name, but not a controller name.)

    I appreciate any insights. Thanks.

    Filed under: ,
  • Re: Delete Record from an ActionLink

    11-04-2009, 4:08 PM
    • Contributor
      5,585 point Contributor
    • gerrylowry
    • Member since 07-03-2008, 1:46 AM
    • alliston ontario canada
    • Posts 2,090

    http://www.asp.net/learn/mvc/tutorial-17-cs.aspx
    http://www.asp.net/learn/mvc/tutorial-17-vb.aspx

    Authenticating Users with Forms Authentication

    You need to manage your users and their roles.

    If certain users are not allowed to delete,
    you could have a second application for
    deletion purpose.

    or you could have two logins for key staff,
    one for every day use and the second with
    admin priveleges, e.g.:  Jane and JaneAdmin.

    Also, I suggest you watch the video by
    Phil Haack's video:  http://videos.visitmix.com/MIX09/T44F,
                   "Ninja on Fire Black Belt Tips"

    Watch the entire video, it's worth your time.

    Phil discusses security and other worthwhile topics.

    In addition to [Authorize] as discussed in the written tutorial,
    AFAIK you can make your delete into a form and force POST
    with [AcceptVerbs(HttpVerbs.Post)].  I have not tried this
    although I think it will work.  If you do not want a Delete
    button, you can change its appearance AFAIK via css.


    TIMTOWTDI =. there is more than one way to do it.


    Regards,
    Gerry (Lowry)

    Gerry Lowry, Principal
    Ability Business Computer Services ~~ Because it's your Business, our Experience Counts!
    68 John W. Taylor Avenue
    Alliston · Ontario · Canada · L9R 0E1 · gerry.lowry@abilitybusinesscomputerservices.com

    Websites:
    http://abilitybusinesscomputerservices.com
    http://gerrylowryprogrammer.com ~~ résumé & testimonials
    http://veganoccasions.com ~~ recipes
  • Re: Delete Record from an ActionLink

    11-04-2009, 4:28 PM
    • Member
      72 point Member
    • daveh551
    • Member since 02-23-2008, 3:38 AM
    • Posts 78

    Gerry,

    Thanks for taking the time to respond, but you're not really answering the  question that I'm asking. Let me simplify it and rephrase it:


    Is there a way to get an ActionLink to go to a new controller/action via a POST call instead of a GET?


  • Re: Delete Record from an ActionLink

    11-04-2009, 5:14 PM
    • Member
      46 point Member
    • AndyB123
    • Member since 10-03-2009, 6:25 PM
    • Posts 8

    No, I don't think there is I'm afraid.

    I think you have two options really without using Ajax.

    One is to use an ActionLink to get to a confirmation page, that has a form that POSTs to your controller action.

    The other way is to use a form on the original page.  You probably have a list of records each with a delete link, and you need to wrap each of them in a seperate form tag for this to work.  That seemed couterintuitive to me coming from a web forms background where you can only have one from per page - but it works just fine.


  • Re: Delete Record from an ActionLink

    11-04-2009, 5:17 PM
    • Participant
      1,545 point Participant
    • CodeHobo
    • Member since 08-17-2005, 6:58 PM
    • Southern California
    • Posts 272

    Dave - Maybe you can address this by changing the design so that the action link goes to a "are you sure you want to delete?" page (as an http GET which is fine in this case since it's not changing data). Then on that page you would do a form post that calls the delete action method with an http post.

    The other option would be to include a hidden form  with hidden fields on the page and have the link fire off some javascript that basically populates values into the hidden fields and submits the form.

  • Re: Delete Record from an ActionLink

    11-04-2009, 7:07 PM
  • Re: Delete Record from an ActionLink

    11-04-2009, 7:22 PM
    • Contributor
      5,585 point Contributor
    • gerrylowry
    • Member since 07-03-2008, 1:46 AM
    • alliston ontario canada
    • Posts 2,090

    it looks like you need tricks ...

    basically POST is something that happens via a FORM SUBMIT ...

    I would not risk JavaScript tricks because JavaScript is not guaranteed to be availble.

    However:  see http://stackoverflow.com/questions/688722/does-html-actionlink-post-the-form-data for an interesting idea.

    Personally, I think I would stick with the original idea I expressed ... with hidden fields you can force POST as an alternative to using ActionLink ... the idea is to use multiple submit buttons ... here's an Edit example you could adapt to your Delete:

    (without JavaScript)
    on your .aspx page, add a second button:
         <input type="submit"    value="First"        name="submitButton"/>
         <input type="submit"    value="Second"   name="submitButton"/>
    in your Controller:
       
    // POST: /Home/Edit/5
       
    [AcceptVerbs(HttpVerbs.Post)]
       
    public ActionResult Edit(Movie movieToEdit, string submitButton)
        {
            if (submitButton == "First
    ")       et cetera


    For submitButton == "First" you would have an equivalent hidden field that holds the Primary Key for the row that you wish to delete; et cetera.  I think this would work but I am pressed for time and have not thought it through to completion.


    Regards,
    Gerry (Lowry)

    Gerry Lowry, Principal
    Ability Business Computer Services ~~ Because it's your Business, our Experience Counts!
    68 John W. Taylor Avenue
    Alliston · Ontario · Canada · L9R 0E1 · gerry.lowry@abilitybusinesscomputerservices.com

    Websites:
    http://abilitybusinesscomputerservices.com
    http://gerrylowryprogrammer.com ~~ résumé & testimonials
    http://veganoccasions.com ~~ recipes
  • Re: Delete Record from an ActionLink

    11-05-2009, 8:58 AM
    Answer
    • Participant
      1,826 point Participant
    • bradwils
    • Member since 05-19-2008, 1:08 PM
    • Redmond, WA
    • Posts 274
    • AspNetTeam

    CodeHobo:

    Dave - Maybe you can address this by changing the design so that the action link goes to a "are you sure you want to delete?" page (as an http GET which is fine in this case since it's not changing data). Then on that page you would do a form post that calls the delete action method with an http post.

    The other option would be to include a hidden form  with hidden fields on the page and have the link fire off some javascript that basically populates values into the hidden fields and submits the form.

    Why not do both? Have the link point off to a confirmation page that's only used when Javascript is disabled, and then a bit of onclick handling which posts a form to the same place the confirmation page would've posted to? Then you get 95% of your users having a clickable link which deletes directly, you're safe w/ idempotency (and spiders and pull-ahead browsers), and most of your users get a nice clean link-oriented UI.

    Don't forget when using Javascript to also do a prompt before deleting (or, better, offer an undo option like applications like Gmail do).

    Senior developer on the ASP.NET MVC team
Page 1 of 1 (8 items)