Unintended Updates in ASP.NET MVC
In this article we will see how to prevent unintended updates, that is, how to keep certain fields from being updated, in ASP.NET MVC. By Sagar Jaybhay.
Unintended Updates
In the previous article, we saw how to edit the details, but there all fields are editable and you are able to change all of them. We don't want the ID and Name fields to be changed and want to mark them as read-only. To do this, we change the HTML helper method from EditorFor to DisplayFor.
After doing this, we get the UI below when we click the Save button.
To overcome this, we need to use a hidden field: DisplayFor renders the value as text only, so it is not posted back with the form. The code for this is below:
@Html.ValidationSummary(true, "", new { @class = "text-danger" })
<div class="form-group">
    @Html.LabelFor(model => model.EmpID, htmlAttributes: new { @class = "control-label col-md-2" })
    <div class="col-md-10">
        @Html.DisplayFor(model => model.EmpID, new { htmlAttributes = new { @class = "form-control" } })
        @Html.HiddenFor(mode => mode.EmpID)
        @Html.ValidationMessageFor(model => model.EmpID, "", new { @class = "text-danger" })
    </div>
</div>
<div class="form-group">
    @Html.LabelFor(model => model.EmpName, htmlAttributes: new { @class = "control-label col-md-2" })
    <div class="col-md-10">
        @Html.DisplayFor(model => model.EmpName, new { htmlAttributes = new { @class = "form-control" } })
        @Html.HiddenFor(mode => mode.EmpName)
        @Html.ValidationMessageFor(model => model.EmpName, "", new { @class = "text-danger" })
    </div>
</div>
Now we are able to save values, and ID and Name are not editable in the UI, so our functionality is achieved. But anyone can easily hack our application by using tools like Fiddler and Postman, because the hidden fields are still ordinary form values that the client sends back.
Here is how they can post requests from these tools. When you press F12 in Chrome, the inspector window opens. Under the Network tab you can see the calls generated by our site, and you can simply copy the request URL and parameters from there.
You can copy the URL and form data into Postman and are then able to hack our application.
To overcome this, we need to use the overloaded UpdateModel method, which allows us to specify only the properties that need to be updated. The code for this is shown below:
[HttpPost]
public ActionResult Edit(Employee employee)
{
    // Load the stored record; the posted object is used only for its ID.
    var emp = new BusinessLogic.Business().GetEmployee(employee.EmpID.ToString());
    // Bind only the listed properties from the request onto the stored record.
    UpdateModel(emp, new string[] { "EmpSalary", "EmpGender", "EmpCity", "EmpEmail", "DepartmentID" });
    if (ModelState.IsValid)
    {
        new BusinessLogic.Business().UpdateEmployee(emp);
        return RedirectToAction("DisplayCompleteEmployee");
    }
    return View(employee);
}
In the above code, we get the Employee for that ID as it is present in the database. After that we use the UpdateModel method, which has an overloaded version that takes an array with the names of the properties we want to update. In this array we leave out the EmpID and EmpName properties.
The resulting object combines the values retrieved from the database with the newly changed values from our edit view or Postman request. To the UpdateEmployee method of the Business class we pass the object we created, not the one we took as a parameter, so only the information we want is updated in the database.
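What the include list does to a tampered post, as an added example that is not the article's or ASP.NET MVC's own code. BindIncluded is a hypothetical, simplified stand-in for the include-list overload of UpdateModel, and the property types and sample values are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Same property names as the article's Employee model; the types are assumed.
public class Employee
{
    public int EmpID { get; set; }
    public string EmpName { get; set; }
    public string EmpCity { get; set; }
    public string EmpEmail { get; set; }
}

public static class IncludeListDemo
{
    // Hypothetical stand-in for UpdateModel(model, includeProperties):
    // copies a posted value only when its property name is in the include list.
    public static void BindIncluded(Employee target, IDictionary<string, string> form, string[] include)
    {
        foreach (var prop in typeof(Employee).GetProperties())
        {
            string raw;
            if (!include.Contains(prop.Name) || !form.TryGetValue(prop.Name, out raw))
                continue; // not allowed, or not posted: keep the stored value
            prop.SetValue(target, Convert.ChangeType(raw, prop.PropertyType));
        }
    }

    public static void Main()
    {
        // Constructed record, as it would be loaded from the database by EmpID.
        var emp = new Employee { EmpID = 7, EmpName = "Asha", EmpCity = "Pune", EmpEmail = "asha@example.test" };

        // Constructed form post: the hidden EmpName field was altered before sending.
        var form = new Dictionary<string, string>
        {
            { "EmpID", "7" },
            { "EmpName", "Changed-In-Postman" },
            { "EmpCity", "Mumbai" },
            { "EmpEmail", "asha@example.test" }
        };

        BindIncluded(emp, form, new[] { "EmpCity", "EmpEmail" });

        // EmpCity takes the posted value; EmpName keeps the stored one.
        Console.WriteLine("{0} | {1} | {2}", emp.EmpID, emp.EmpName, emp.EmpCity);
    }
}
```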
The overloaded versions of the UpdateModel method that we can use are shown below.
Include list or whitelist:
    UpdateModel(Our_Model (in our case Employee), string[] includedProperties);
Excluded properties or blacklist:
    UpdateModel(Our_Model (in our case Employee), string prefix, string[] includedProperties, string[] excludedProperties);
With the exclude list, our method call becomes:
    UpdateModel(Our_Model (in our case Employee), null, null, new string[] { "EmpName", "EmpID" });
GitHub :- https://github.com/Sagar-Jaybhay/MVC5