
How to RESTful delete record Asp.Net Mvc 2

开发者 https://www.devze.com 2022-12-31 21:59 Source: Internet

I have delete links in my Asp.Net Mvc2 application.

/{controller}/Delete/{id}

It seems using a link to delete has a security risk. Don’t use Delete Links because they create Security Holes

I found this Implementing RESTful Routes & Controllers in ASP.NET MVC 2.0 but I am not sure how to implement a simple delete functionality using the new HttpDeleteAttribute class.

Are there any examples on deleting, the RESTful approach?


The RESTful approach to a Delete is to send enough information to identify the resource and use the HTTP command DELETE (or some alternative for web pages). But all of that is detailed in the article, so I don't think that's what you're really asking.

If you mean "What do I do instead of a Delete link?", the answer is usually to go to a "Are you sure you want to delete Product 8496?" form where the button's action POSTs the delete request. That form can either be on a new page or a modal popup, or both if you want to combine usability and accessibility.


It's (more of) a security risk if you don't use the [HttpPost] attribute on the controller.

Besides that, your approach isn't a restful one.

The idea is that you have just one Url that can be passed different Http Verbs which are implicit.

Return all: /Product/ [HttpGet]

Return One: /Product/43 [HttpGet]

Add : /Product/ (Product info in form post) [HttpPut] or [HttpPost]

Delete: /Product/43 [HttpDelete]

You can do this using MVC in the standard form or jQuery.

And to answer the question: Add a delete link like this Delete Product but hook into it using the JQuery live events so that it hijacks the click using .preventDefault, then call the url as an ajax request with a DELETE verb.

Need more help? Let me know.
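The following is an added example, not code from the question, the answers or the linked article. It combines the confirmation form from the first answer with the `[HttpDelete]` attribute from the second, and adds an anti-forgery token because requiring POST alone does not stop a form on another site from submitting the delete. The in-memory store, the `DeleteConfirmed` method name and the `Index` action are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;

public class ProductController : Controller
{
    // Constructed in-memory store standing in for the real data layer (assumption;
    // not thread-safe, for illustration only).
    private static readonly Dictionary<int, string> Products =
        new Dictionary<int, string> { { 43, "Sample product" } };

    // GET /Product/Delete/43 changes nothing: it only renders the
    // "Are you sure?" form, so crawlers, prefetchers and image tags
    // that request the URL cannot remove a record.
    [HttpGet]
    public ActionResult Delete(int id)
    {
        string name;
        if (!Products.TryGetValue(id, out name))
            throw new HttpException(404, "Product not found");
        return View((object)name);   // cast so the string is the model, not a view name
    }

    // The confirmation view (Views/Product/Delete.aspx) posts back to the same URL:
    //
    //   <% using (Html.BeginForm()) { %>
    //       <%= Html.AntiForgeryToken() %>
    //       <%= Html.HttpMethodOverride(HttpVerbs.Delete) %>
    //       <input type="submit" value="Delete" />
    //   <% } %>
    //
    // HttpMethodOverride emits a hidden X-HTTP-Method-Override=DELETE field, which
    // MVC 2 honours on POST requests, so [HttpDelete] matches the form submission.
    // ValidateAntiForgeryToken rejects posts that lack the token tied to the
    // user's cookie, which a form hosted on another site cannot supply.
    [HttpDelete]
    [ValidateAntiForgeryToken]
    [ActionName("Delete")]
    public ActionResult DeleteConfirmed(int id)
    {
        if (!Products.Remove(id))
            throw new HttpException(404, "Product not found");
        return RedirectToAction("Index");   // Index action assumed to exist
    }
}
```

Any authorization check the application needs (for example `[Authorize]`) still has to be applied to both actions; the verb restriction and the token only establish that the request came from the application's own form.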
