Reputation: 2133
What is the most standard way to persist data between MVC views?
I'm creating a system using ASP.NET MVC for filling out online job applications. It's really just an experiment to familiarize myself with the MVC framework. I'm definitely not a security expert so I just wanted to get some advice here since this web app will be dealing with sensitive information.
The system has a wizard-like set of views. You go from one view to the next filling out the relevant information until the end when you finally submit it.
Each job application is stored in the database with a GUID primary key. Right now I am simply storing that GUID in a hidden field in the view of each page. This makes it easy to update the model in the controller like so:
[HttpPost]
public ActionResult ExampleAction(FormCollection formValues)
{
Guid appId = new Guid(Request.Form["ModelId"]); // the GUID stored in the hidden field
ExampleModel example = db.Entities.Single(e => e.ModelId == appId);
UpdateModel(example, formValues);
db.SaveChanges();
return RedirectToAction("ExampleAction2", new { appId = appId.ToString() });
}
I know this is not secure because anyone with any kind of development experience knows you can edit the values of hidden fields in any browser's developer tools. So what's the recommended way to securely get the same results?
Upvotes: 4
Views: 11819
Answers (3)
Reputation: 3546
I know this has been answered, just for interest sake I want to leave another option. How you could go about it is parsing the information you get from the first view as a JSON string that you can store in a cookie and then later serialize it when you need it.
This is asuming that the information is safe to store client side. Otherwise it could be an encrypted cookie I suppose. This would address the concerns for cloud computing and load balancers etc.
Upvotes: 1
Reputation: 65079
Why not post to each step instead of using RedirectToAction? That way you can create a model that contains each step.. for example:
class JobApplicationViewModel
{
public Guid ApplicationGuid { get; set; }
public StepOne Step1 { get; set; }
public StepTwo Step2 { get; set; }
public int CurrentStep { get; set; }
}
The step 1 view can post to step 2.. for example:
[HttpPost]
public ViewResult StepTwo(JobApplicationViewModel viewModel)
{
ServiceLayer.Update(viewModel);
return View(viewModel);
}
Then, the StepTwo view posts to StepThree, StepThree posts to Step4, etc. This makes sense logically, as you're only allowing people to get to any step beyond step 1 by posting the form.
Upvotes: 0
Reputation: 4081
You should store it in the Session object. That way, you can call it at anytime from anywhere and it will never display on any of your views. The doc: http://msdn.microsoft.com/en-us/library/ms178581.aspx
Upvotes: 4
Related Questions
- Maintaining data between views in mvc4
- .NET MVC and securely passing data between pages
- What is the best way to persist data between several views
- Preserve data in .net mvc
- How can I persist data between two completely different views in ASP.NET MVC 4?
- how to store data in mvc for using it the across application
- persisting data in mvc
- Most secured way to persist data in ASP MVC
- Preserve data in MVC
- How do I persist a value accross views