The Html.AntiForgeryToken method generates a hidden form field (anti-forgery token) that can be validated when the form is submitted. Call this method inside a DevExpress callback-aware extension to automatically send the token value with an extension callback.
In this example, the Html.AntiForgeryToken method is called in a SetContent method handler.
    @Html.DevExpress().CallbackPanel(settings => {
        settings.Name = "cp";
        settings.CallbackRouteValues = new { Controller = "Home", Action = "CallbackPanelPartial" };
        settings.SetContent(() => {
            ViewContext.Writer.Write(Html.AntiForgeryToken().ToHtmlString());
        });
    }).GetHtml()
When a user clicks the button, the panel sends the token with a callback.
    <input type="button" value="Perform Callback" onclick="cp.PerformCallback();" />

To check the value on the server, decorate the action method with the ValidateAntiForgeryToken attribute.
    [ValidateAntiForgeryToken]
    public ActionResult CallbackPanelPartial() {
        // Simulates a long-running operation before the partial view is returned.
        System.Threading.Thread.Sleep(1000);
        return PartialView();
    }
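
When validation fails, ValidateAntiForgeryToken throws an HttpAntiForgeryException, which surfaces as an unhandled server error unless the application handles it. The filter below is an added example, not DevExpress or ASP.NET MVC code: it runs the same check through System.Web.Helpers.AntiForgery.Validate(), logs the rejection, and answers with HTTP 403. The attribute name RejectForgedCallbackAttribute and the log wording are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Web.Helpers;
using System.Web.Mvc;

// Hypothetical attribute name; not part of ASP.NET MVC or DevExpress.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class RejectForgedCallbackAttribute : FilterAttribute, IAuthorizationFilter {
    public void OnAuthorization(AuthorizationContext filterContext) {
        if (filterContext == null)
            throw new ArgumentNullException("filterContext");

        try {
            // Compares the anti-forgery cookie with the hidden form field
            // that Html.AntiForgeryToken() rendered inside the panel.
            AntiForgery.Validate();
        }
        catch (HttpAntiForgeryException ex) {
            var request = filterContext.HttpContext.Request;
            var route = filterContext.RouteData.Values;

            // Record enough context to spot repeated failures against one action.
            Trace.TraceWarning(
                "Anti-forgery validation failed: controller={0} action={1} client={2} reason={3}",
                route["controller"], route["action"], request.UserHostAddress, ex.Message);

            // Short-circuit the pipeline: the action method never runs.
            filterContext.Result = new HttpStatusCodeResult(403, "Anti-forgery validation failed");
        }
    }
}

public class HomeController : Controller {
    // Used in place of [ValidateAntiForgeryToken] on the callback action.
    [RejectForgedCallback]
    public ActionResult CallbackPanelPartial() {
        return PartialView();
    }
}
```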