ASP.NET Core offers attributes such as [HttpGet] and [HttpPost] that allow you to restrict the HTTP verbs used to invoke an action. You can also use HttpRequest object's Method property to detect the HTTP verb behind the current request. However, at times you need to know whether a request is an Ajax request or not. You may also need to restrict an action only to Ajax calls. Although thee is no inbuilt way to accomplish this task, you can easily implement such a feature in your application. This article discusses how.

Detecting HTTP method and Ajax request

In order to know the HTTP method being used by the current request you can use the following line of code :

string method = HttpContext.Request.Method;

The HttpRequest object's Method property returns HTTP verb being used by the current request such as GET and POST.

Detecting whether a request is an Ajax request or not requires a bit of different code. The Method property will return the HTTP method whether a request is an Ajax request or otherwise. So, you need to check a special HTTP header. The following line of code shows that :

string requestedWith =

HttpContext.Request.Headers["X-Requested-With"];

The X-Requested-With header returns a string that indicates whether it's an Ajax request or not. An Ajax request will have this header set to XMLHttpRequest. This header value won't be present for normal GET and POST requests (non-Ajax requests).

Ok. So, how do we ensure that our action code gets invoked only if it's an Ajax request. Let's write a fragment of code :

public IActionResult Index()

{

    string method = HttpContext.Request.Method;

    string requestedWith =

HttpContext.Request.Headers["X-Requested-With"];

    if (method=="POST")

    {

        if(requestedWith == "XMLHttpRequest")

        {

            // code goes here

        }

    }

    return View();

}

Suppose we want to ensure that our action code gets executed only when it's an Ajax POST request. The above piece of code does just that.

Extension method that detects an Ajax request

Although the above piece of code works as expected, it lacks reusability. Let's make it easy to use by wrapping it in an extension method to HttpRequest object.

public static class HttpRequestExtensionMethods

{

    public static bool IsAjax(this

HttpRequest request, string httpVerb = "")

    {

        if (request == null)

        {

            throw new ArgumentNullException

("Request object is Null.");

        }

        if (!string.IsNullOrEmpty(httpVerb))

        {

            if (request.Method != httpVerb)

            {

                return false;

            }

        }

        if (request.Headers != null)

        {

            return request.Headers["X-Requested-With"]

== "XMLHttpRequest";

        }

        return false;

    }

}

The above code defines an extension method called IsAjax() on the HttpRequest object. The IsAjax() method also takes httpVerb parameter that can be used to specify an HTTP verb such as GET or POST.

The second if condition checks whether current request's HTTP method matches with what has been provided in the IsAjax() method's httpVerb parameter. If it doesn't a value of false is returned to the caller.

The third if condition checks whether the request is an Ajax request or not. It does so using the X-Requested-With header. If X-Requested-With header value is not XMLHttpRequest we return false.

Once this extension method is added you can see it in the controller like this :

And you can use it like this :

bool isAjax = HttpContext.Request.IsAjax("POST");

The above call to IsAjax() returns true only if the request under consideration is an Ajax POST request.

Creating custom [Ajax] attribute

So far so good. Let's improvise our code further. We will now wrap the Ajax checking logic in a custom attribute named [Ajax] so that you can use it like this :

As you can see the GetEmployee() action is decorated with [Ajax] attribute. And the HttpVerb property of [Ajax] is set to GET.

The [Ajax] attribute ensures that GetEmployee() is invoked only if the request is an Ajax GET request.

Let's dissect the code that makes the [Ajax] attribute:

public class AjaxAttribute : ActionMethodSelectorAttribute

{

    public string HttpVerb { get; set; }

    public override bool IsValidForRequest

(RouteContext routeContext, ActionDescriptor action)

    {

        return routeContext.HttpContext.

Request.IsAjax(HttpVerb);

    }

}

Here, we create AjaxAttribute class, a custom ActionMethodSelectorAttribute. This attribute does the conditional checking of whether a request is an Ajax request or not.

The [Ajax] has HttpVerb property and it also overrides the IsValidForRequest() method. Inside we simply call IsAjax() extension method we created earlier. You can also put the entire request checking logic inside the IsValidForRequest() method.

Testing our code

In order to test our code let's make an Ajax GET and POST request to the GetEmplooyee() action. Notice that the GetEmployee() returns a JSON with certain EmoployeeID, FirstName, and LastName.

<h1>Welcome!</h1>

<button type="button" id="button1">Make Ajax Call</button>

<form method="post" action="/home/GetEmployee">

    <button type="submit" id="button2">Submit Form</button>

</form>

The above markup is from Index.cshtml. It shows two <button> elements - one making Ajax request and the other making normal non-Ajax POST request.

A dash of jQuery code is used to make a GET request to the GetEmployees() :

$(document).ready(function () {

    $("#button").click(function () {

        $.get("/home/GetEmployee", function (data) {

            alert(data.employeeID + " " +

            data.firstName + " " +

            data.lastName);

        });

    });

});

I won't go into the details of this jQuery code since it is quite straightforward. If suffices to say that the code code attempts to calls the GetEmployee() action using GET method.

The following figure shows a sample run of the page.

What if we make a non-Ajax POST request? See the following run :

As you can see, this time the server returns HTTP status code 404. That's because the request is not an Ajax request. Moreover it's a POST request. So, the [Ajax[ is going to treat it as an invalid request and won't allow the GetEmployees() to execute.

That's it for now! Keep coding !!

Allow Only Ajax Requests For An Action In ASP.NET Core的更多相关文章

  1. Ajax跨域问题及解决方案 asp.net core 系列之允许跨越访问(Enable Cross-Origin Requests:CORS) c#中的Cache缓存技术 C#中的Cookie C#串口扫描枪的简单实现 c#Socket服务器与客户端的开发(2)

    Ajax跨域问题及解决方案   目录 复现Ajax跨域问题 Ajax跨域介绍 Ajax跨域解决方案 一. 在服务端添加响应头Access-Control-Allow-Origin 二. 使用JSONP ...

  2. [React] Create a queue of Ajax requests with redux-observable and group the results.

    With redux-observable, we have the power of RxJS at our disposal - this means tasks that would other ...

  3. MVC中使用Ajax提交数据 Jquery Ajax方法传值到action

    Jquery Ajax方法传值到action <script type="text/javascript"> $(document).ready(function(){ ...

  4. 再谈Jquery Ajax方法传递到action 【转载】

    原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 .作者信息和本声明.否则将追究法律责任.http://cnn237111.blog.51cto.com/2359144/984466 之 ...

  5. 再谈Jquery Ajax方法传递到action(转)

    之前写过一篇文章Jquery Ajax方法传值到action,本文是对该文的补充. 假设 controller中的方法是如下: public ActionResult ReadPerson(Perso ...

  6. 转 Using $.ajaxPrefilter() To Configure AJAX Requests In jQuery 1.5

    Using $.ajaxPrefilter() To Configure AJAX Requests In jQuery 1.5 Posted February 18, 2011 at 6:29 PM ...

  7. Ajax跨域请求action方法,无法传递及接收cookie信息(应用于系统登录认证及退出)解决方案

    最近的项目中涉及到了应用ajax请求后台系统登录,身份认证失败,经过不断的调试终于找到解决方案. 应用场景: 项目测试环境:前端应用HTML,js,jQuery ajax请求,部署在Apache服务器 ...

  8. ASP.NET Core 1.0中实现文件上传的两种方式(提交表单和采用AJAX)

    Bipin Joshi (http://www.binaryintellect.net/articles/f1cee257-378a-42c1-9f2f-075a3aed1d98.aspx) Uplo ...

  9. Upload Files In ASP.NET Core 1.0 (Form POST And JQuery Ajax)

    Uploading files is a common requirement in web applications. In ASP.NET Core 1.0 uploading files and ...

随机推荐

  1. (五)surging 微服务框架使用系列之缓存-reids

    1.服务跟客户端初始化的时候需要添加缓存配置 var host = new ServiceHostBuilder() .RegisterServices(builder => { builder ...

  2. 基于Socket通讯(C#)和WebSocket协议(net)编写的两种聊天功能(文末附源码下载地址)

    今天我们来盘一盘Socket通讯和WebSocket协议在即时通讯的小应用——聊天. 理论大家估计都知道得差不多了,小编也通过查阅各种资料对理论知识进行了充电,发现好多demo似懂非懂,拷贝回来又运行 ...

  3. java 深克隆(深拷贝)与浅克隆(拷贝)详解

    java深克隆和浅克隆 基本概念 浅复制(浅克隆) 被复制对象的所有变量都含有与原来的对象相同的值,而所有的对其他对象的引用仍然指向原来的对象.换言之,浅复制仅仅复制所拷贝的对象,而不复制它所引用的对 ...

  4. MySQL数据连表查询思路

    我们在网站开发中,涉及MySQL数据库查询时,常常需要将两个表或多个表联合起来进行查询数据,这就用到了MySQL中的JOIN函数. JOIN函数有三种,分别是: LEFT JOIN  左连接查询: 查 ...

  5. servlet与jsp篇(一)$.ajax交互

    servlet其实是利用java类编写的服务器端应用程序,他的生命周期可以分为三个阶段:初始化阶段.运行阶段和消亡阶段; jsp页面实质上是一个HTML页面,但他包含了用户产生动态网页内容的java代 ...

  6. appium+python搭建自动化测试框架_TestAPP框架(三)

    Pycharm 创建 Project,搭建 APPTEST框架如下图:   1.框架功能 业务功能的封装 测试用例封装 测试包管理 截图处理 断言处理 日志获取 测试报告生成 数据驱动 数据配置 2. ...

  7. VS打开项目或解决方案卡死,一直处于未响应状态。

    1.背景:接手公司新项目时,无论用vs2013还是用vs2017都打开不了 2.解决办法:先把.suo文件删掉, 结果:vs2013可以打开,vs2017依旧打不开. 3.继续解决:上网搜了一下,把隐 ...

  8. 安装Docker时错误提示 "could not change group /var/run/docker.sock to docker: group docker not found"的解决方案

    安装Dock服务,主要命令是  yum install docker. 但是在启动的时候报错:warning msg="could not change group /var/run/doc ...

  9. cvc-elt.1: Cannot find the declaration of element 'beans'Failed to read schema document 'http://www.springframework.org/schema/beans/spring- beans-3.0.xsd'

    Multiple annotations found at this line: - cvc-elt.1: Cannot find the declaration of element 'beans' ...

  10. [20190418]exclusive latch spin count.txt

    [20190418]exclusive latch spin count.txt--//昨天测试"process allocation" latch,主要这个latch与其它拴锁s ...