Some more context could help. I fail to see how it would generally "simplify development in ASP.NET Core".
It seems you rather have some very particular problem you should discuss directly. You are trying to build a full http request payload for uploading a file from your server to a 3rd party server? The boundary should be random enough so that it couldn't be
found elsewhere in the content. In most if not all cases you would use anyway a library that handles that for you and as most of the source is open now, if you really want you could have a look at how the boundary value is generated.
I ask this question because I have read some articles about how to make a form including uploaded file and i have make some test to understand how post request is made in asp.net core.
I have difficulties to do post request using my Angular SPA to my asp.net core api controller...
I ask this question in a first step to understand how post request works. To understand if it's intresting to generalize all form like that to have all form working on the same way. But I'm looking for default behavior...
But my goal is simply to understand how to use post method in my controller and how to set it to work from post request made from my angular application. (Antiforgerytoken; cookies and authorization token requirement; ...).
IMO do things the other way round ie give details about the problem you have when posting form data to your ASP.NET Core API using Angular and make it work. Use possibly F12 tools and the console or network tab to spot JavaScript errors or to see what happens
with the http request you are sending. The first step would be to inspect what happens exactly for now to fully understand the problem you are trying to solve.
If curious you can always use F12 or read something such as
https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages (including "Multiple-resource bodies") to better grasp what happens behind the scene but it's unlikely useful right now
(I maybe defined one time my own boundary in my whole career). Nothing seems to tell you have a problem with a boundary or maybe you have explicit code trying to parse the incoming query when you have built-in mechanism doing that at a much higher level. Maybe
your problem is even entirely unrelated to that.
Maybe point us to the article you shown so that one cvan see if it should/does work or if maybe it is misleading ?
Edit: I expect the browser to generate a fairly unique value (such as a guid or a quite long random number) for each and every http request. The other side just reads this boundary information to check where the current part ends. All this should happen
largely behind the scene without ever having to explicitly deal with that particular point.
ModelState.IsValid is just the model binding of the post data results. again its unrelated to the form type. the content-type of the post data should inform the controller how to parse the post data. form and json are supported out of the box (xml requires
requres additional configuration). if the binding is failing, then the binding model does not match the posting data.
A bit like EF, ASP.NET have built in support for deserialization/serialization so that your controller code can deal directly with the object you are interested in without having to handle those details So what if you try something such as;
[HttpPost]
public async Task<ActionResult<ContactResult>> Post(ContactFormDataModel contact)
{
// drop the deserialization code, this is handled for you by EF
// not sure what you return
}
Make sure property names are matching. Yo should have a non null contact and inspect properties to see if they are populated correctly. Does it work?
Similarly you can define settings once for the whole app at startup rather than in each and every control to end up with code that just does what you need on objects and deserizalation/serialization being handled being the scene for you.
Yes. All work nice now. I have just a last question about the ModelState. The doc say:
Web API controllers don't have to check ModelState.IsValid if they have the [ApiController] attribute. In that case, an automatic HTTP 400 response containing
error details is returned when model state is invalid. For more information, see Automatic HTTP 400 responses.
In my case I ask me if I have to validate the posted data to prevent things like a bad fomatting... It's an API controller using [ApiController]. My SPA Application do this but this method is allowed for no logged in users. I just use the antiforgery validation...
is this enough to avoid having to do a second validation of the data?
In my case I ask me if I have to validate the posted data to prevent things like a bad fomatting... It's an API controller using [ApiController]. My SPA Application do this but this method is allowed for no logged in users. I just use the antiforgery validation...
is this enough to avoid having to do a second validation of the data?
Model validation and antiforgery tokens are two different platform features. Antiforgery mitigates cross site scripting vulnerabilities. If you want this feature then add it to your design.
Model validation and antiforgery tokens are two different platform features. Antiforgery mitigates cross site scripting vulnerabilities. If you want this feature then add it to your design.
Off course they are different. But if you think in an HTTP POST context of an endpoint. Given that I accept unauthenticated user. With antiforgery token I ensure that the method can't be fire by someone directly and result a success... But you should understand
my algorythm at all for that. Sorry for not providing the corrected code with the addition of the attribute [ValidateAntiforgeryToken].
I mark as resolved the subject which gets lost a bit from the context of my initial question. Thanks again for your precious help
Antiforgery is to ensure the request is not posted from a 3rd party site. A user (hacker style) could still use F12 tools and for example and post a string which is longer than the maximum length to see what happens or whatever. To me model validation is
basically unrelated and you should keep both.
As you told when dealing with a brand new topic it's best to close the discussion and syart another thread...
Member
8 Points
46 Posts
[asp.net core 3.x] Forms in asp.net core...
Nov 25, 2019 07:31 AM|BeRoots|LINK
Hi.
To symplify development in asp.net core 3, is it a good idea to make all my form with a 'multipart/form-data; boundary=ABC123' Content-Type ?
All-Star
48300 Points
18003 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 25, 2019 10:36 AM|PatriceSc|LINK
Hi,
Some more context could help. I fail to see how it would generally "simplify development in ASP.NET Core".
It seems you rather have some very particular problem you should discuss directly. You are trying to build a full http request payload for uploading a file from your server to a 3rd party server? The boundary should be random enough so that it couldn't be found elsewhere in the content. In most if not all cases you would use anyway a library that handles that for you and as most of the source is open now, if you really want you could have a look at how the boundary value is generated.
Member
8 Points
46 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 25, 2019 10:55 AM|BeRoots|LINK
I ask this question because I have read some articles about how to make a form including uploaded file and i have make some test to understand how post request is made in asp.net core.
I have difficulties to do post request using my Angular SPA to my asp.net core api controller...
I ask this question in a first step to understand how post request works. To understand if it's intresting to generalize all form like that to have all form working on the same way. But I'm looking for default behavior...
But my goal is simply to understand how to use post method in my controller and how to set it to work from post request made from my angular application. (Antiforgerytoken; cookies and authorization token requirement; ...).
All-Star
48300 Points
18003 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 25, 2019 12:31 PM|PatriceSc|LINK
IMO do things the other way round ie give details about the problem you have when posting form data to your ASP.NET Core API using Angular and make it work. Use possibly F12 tools and the console or network tab to spot JavaScript errors or to see what happens with the http request you are sending. The first step would be to inspect what happens exactly for now to fully understand the problem you are trying to solve.
If curious you can always use F12 or read something such as https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages (including "Multiple-resource bodies") to better grasp what happens behind the scene but it's unlikely useful right now (I maybe defined one time my own boundary in my whole career). Nothing seems to tell you have a problem with a boundary or maybe you have explicit code trying to parse the incoming query when you have built-in mechanism doing that at a much higher level. Maybe your problem is even entirely unrelated to that.
Maybe point us to the article you shown so that one cvan see if it should/does work or if maybe it is misleading ?
Edit: I expect the browser to generate a fairly unique value (such as a guid or a quite long random number) for each and every http request. The other side just reads this boundary information to check where the current part ends. All this should happen largely behind the scene without ever having to explicitly deal with that particular point.
Edit: typos
Member
8 Points
46 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 25, 2019 02:09 PM|BeRoots|LINK
Ok. Heri is my controller code: https://hastebin.com/famaqinoru.cs
Here is my angular service methode to post the form: https://hastebin.com/osoberajof.cs
I have remove some attribute like ValidateAntiForgeryToken and DisableFormValueModelBinding and the problem is more clear now.
I have a problem because the data parameter of Post() is empty (all fields are null). My request detail is bellow:
If someone have an idea why my payload properties are null in the Post() method ;)
All-Star
57874 Points
15507 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 25, 2019 03:22 PM|bruce (sqlwork.com)|LINK
Your sample post Is a json post not a form post at all. So how you define the form type is immaterial.
Member
8 Points
46 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 25, 2019 07:02 PM|BeRoots|LINK
I thought that by doing so I could take advantage of ModelState.IsValid
But I don't understand why the Post() method doesn't find the value. It's the same if I add [FromData] attibute
My new controller code: https://hastebin.com/aheqevejut.cs
All-Star
57874 Points
15507 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 25, 2019 08:39 PM|bruce (sqlwork.com)|LINK
ModelState.IsValid is just the model binding of the post data results. again its unrelated to the form type. the content-type of the post data should inform the controller how to parse the post data. form and json are supported out of the box (xml requires requres additional configuration). if the binding is failing, then the binding model does not match the posting data.
All-Star
48300 Points
18003 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 26, 2019 09:05 AM|PatriceSc|LINK
A bit like EF, ASP.NET have built in support for deserialization/serialization so that your controller code can deal directly with the object you are interested in without having to handle those details So what if you try something such as;
[HttpPost] public async Task<ActionResult<ContactResult>> Post(ContactFormDataModel contact) { // drop the deserialization code, this is handled for you by EF // not sure what you return }Make sure property names are matching. Yo should have a non null contact and inspect properties to see if they are populated correctly. Does it work?
Similarly you can define settings once for the whole app at startup rather than in each and every control to end up with code that just does what you need on objects and deserizalation/serialization being handled being the scene for you.
Member
8 Points
46 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 26, 2019 10:52 AM|BeRoots|LINK
Yes. All work nice now. I have just a last question about the ModelState. The doc say:
In my case I ask me if I have to validate the posted data to prevent things like a bad fomatting... It's an API controller using [ApiController]. My SPA Application do this but this method is allowed for no logged in users. I just use the antiforgery validation... is this enough to avoid having to do a second validation of the data?
All-Star
52221 Points
23297 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 26, 2019 02:51 PM|mgebhard|LINK
Model validation and antiforgery tokens are two different platform features. Antiforgery mitigates cross site scripting vulnerabilities. If you want this feature then add it to your design.
Member
8 Points
46 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 27, 2019 09:33 AM|BeRoots|LINK
Off course they are different. But if you think in an HTTP POST context of an endpoint. Given that I accept unauthenticated user. With antiforgery token I ensure that the method can't be fire by someone directly and result a success... But you should understand my algorythm at all for that. Sorry for not providing the corrected code with the addition of the attribute [ValidateAntiforgeryToken].
I mark as resolved the subject which gets lost a bit from the context of my initial question. Thanks again for your precious help
All-Star
48300 Points
18003 Posts
Re: [asp.net core 3.x] Forms in asp.net core...
Nov 27, 2019 09:58 AM|PatriceSc|LINK
Antiforgery is to ensure the request is not posted from a 3rd party site. A user (hacker style) could still use F12 tools and for example and post a string which is longer than the maximum length to see what happens or whatever. To me model validation is basically unrelated and you should keep both.
As you told when dealing with a brand new topic it's best to close the discussion and syart another thread...