Hi
I have the following page.
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="DKTest.aspx.cs" Inherits="FMI.WSMplannet.Web.DKTest" %>
<!DOCTYPE html>
<html xmlns="">www.w3.org/.../xhtml"><head runat="server"> <title></title></head><body> <form id="form1" runat="server">
<asp:ScriptManager runat="server" ID="scriptmanager1">
</asp:ScriptManager> <h1>DK TEst</h1>
<ig:WebDatePicker ID="wdp" runat="server" > </ig:WebDatePicker> </form></body></html>
Which works fine. I can click on the arrow on the right of the text box and a little calendar popup displays.
However when I add in cross-site forgery protection by adding a anti-forgery token and validating it like this.
<ig:WebDatePicker ID="wdp" runat="server" > </ig:WebDatePicker> <%= System.Web.Helpers.AntiForgery.GetHtml() %> </form></body></html>
and this.
using System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.Helpers;using System.Web.UI;using System.Web.UI.WebControls;
namespace FMI.WSMplannet.Web { public partial class DKTest : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { if(IsPostBack) { AntiForgery.Validate(); } }
}}
The date picker fails. It now longer brings up a calendar popup when I click on the right-hand side arrow.
Hello David,
After investigating this further, I determined that AntiForgery token could be set in the code behind. This could be achieved by adding a div tag with an id and runnat attribute in the form:
<form id="form1" runat="server">
<div id="AntiForgeryDiv" runat="server"></div>
<ig:WebScriptManager ID="WebScriptManager1" runat="server"></ig:WebScriptManager>
<ig:WebDatePicker ID="WebDatePicker1" runat="server">
</ig:WebDatePicker>
</form>
And setting the AntiForgery.GetHtml() to the innerHtml of the div in the Page_Init method:
protected void Page_Init(object sender, EventArgs e)
{
AntiForgeryDiv.InnerHtml = AntiForgery.GetHtml().ToString();
}
protected void Page_Load(object sender, EventArgs e)
if (IsPostBack)
AntiForgery.Validate();
By adding the AntiForgery the following way, the calendar of the WebDatePicker is opened as expected.
Please let me know if you need any further information regarding this matter.
Regards,
Monika Kirkova,
Infragistics
I'm also wondering if the page_init code should be
protected void Page_Init(object sender, EventArgs e) { if(!IsPostBack) { AntiForgeryDiv.InnerHtml = AntiForgery.GetHtml().ToString(); } }
That way I'm not generating a new anti-forgery token for each postback.
what do you think?
The calendar of the WebDatePicker was not opening on click because the server side code expression <%=…%> was used. This is a problem/ limitation with Microsoft and ASP.NET. When having server side expressions (<%...%> http://stackoverflow.com/questions/6365017/asp-net-server-side-code-block-explanations), it is illegal to modify the parent's controls collections if siblings have that code and dynamically created controls are blocked.
When WebDatePicker does not have explicit calendar, then a single shared calendar is created dynamically. But in case of <%=...%>, that becomes not possible, because the server raises an exception. The WebDatePicker suppresses that exception, but that does not help to create a calendar.
As a workaround for this limitation I could suggest defining a WebMonthCalendar and binding the created calendar to the WebDatePicker:
<ig:WebDatePicker ID="WebDatePicker1" runat="server" DropDownCalendarID="WebMonthCalendar1">
<ig:WebMonthCalendar ID="WebMonthCalendar1" runat="server"></ig:WebMonthCalendar>
Regarding your second question, you are right, the new anti forgery token could be created only on the first initialization of the page and not on every postback.