What can I use to replace the hidden input in ASP.NET MVC?

Viewed 300 times

1

I have a difficult mission, which is to migrate a WebForms system to MVC. The WebForms system has many hidden inputs that store basic information such as the session hash and user code, but in my humble opinion I find it kind of insecure and even laborious to use hidden inputs in MVC. Can I use something else instead?

Thank you!

  • Honestly, I didn’t understand the insecure, laborious part that differs between WebForms and MVC. Trivially speaking, there is no way to avoid such doubt; could you then explain why you find it insecure and laborious, with an example?

2 answers

4


You can use the Session object to store user information.

The Session object allows the developer to obtain data previously persisted in the session, for a specified time (default 20 minutes). But use this feature sparingly, storing only the data your user requires: since Session data is stored in memory by default, a lot of data may trigger scalability issues.

// User variables
string firstName = "Jeff";
string lastName = "Smith";
string city = "Seattle";

// Saving information in the session.
Session["FirstName"] = firstName;
Session["LastName"] = lastName;
Session["City"] = city;

// Reading variables from the session.
firstName = (string)(Session["FirstName"]);
lastName = (string)(Session["LastName"]);
city = (string)(Session["City"]);

Example:

using System.Web;
using System.Web.Mvc;

public class MeuController : Controller
{
    // Working with the session through a property of the controller
    public static Pessoa dadosPessoa
    {
        get
        {
             if (HttpContext.Current.Session["pessoaX"] == null)
             {
                 Pessoa p = new Pessoa();
                 // Creates a session variable called pessoaX holding the object p
                 HttpContext.Current.Session["pessoaX"] = p;
                 return p;
             }
             else
             {
                 return (Pessoa)HttpContext.Current.Session["pessoaX"];
             }
         }
    }

    public ActionResult Index()
    {
         // Retrieving data previously persisted in the session
         var pessoa = (Pessoa)(Session["pessoaX"]);

         // obterDadosRepositorio is the application's own data-access method (not shown)
         var lista = obterDadosRepositorio(pessoa);
         return View("Index", lista);
    }

}

// Accessing data in the view with Razor
@{ var sessionVar = Session["pessoaX"]; }

or

<%= this.Session["pessoaX"] %>

When a user logs into your application, you could populate an object with that user’s data, add it to the Session, and retrieve it when desired.

  • I’ll do it! Thank you!

  • 3

    It is good to remember that, although correct, this approach is already outdated and the use of Sessions in this way should be discouraged, in favor of classes such as Request and User.

  • ViewBag and ViewData are most suitable.

3

There is no reason to feel this lack of security. Only data that can be manipulated by the View should be exposed in it.

In the case of WebForms, what happens is that this information is written to the View because of a framework limitation, and not necessarily because the framework is more secure. For example, in MVC you don’t need to use a session hash, because all the information you need can be accessed through higher-level classes like Request and classes implementing IPrincipal. The latter stores user information and can be extended.

In any case, if there are doubts in this conversion process, you can ask specific questions about any step you are having difficulty with. The community here will present answers so that you solve your problem in the best way possible.
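
The IPrincipal approach mentioned in the answer above, as an added example that is not code from either answer: the user code travels in a server-side principal instead of a hidden input, so a posted form cannot change it. It assumes Forms Authentication with the user code stored in the ticket's UserData at login; AppPrincipal, OrdersController and Cancel are hypothetical names.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical principal carrying the "user code" that the WebForms pages kept in a hidden input.
public class AppPrincipal : IPrincipal
{
    public AppPrincipal(IIdentity identity, int userCode)
    {
        Identity = identity;
        UserCode = userCode;
    }
    public IIdentity Identity { get; private set; }
    public int UserCode { get; private set; }
    public bool IsInRole(string role) { return false; } // roles are out of scope for this example
}

// Global.asax.cs: rebuild the principal on every request from the validated auth ticket.
public class MvcApplication : HttpApplication
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        // The Forms Authentication module has already decrypted and validated the cookie here.
        var identity = Context.User != null ? Context.User.Identity as FormsIdentity : null;
        if (identity == null || !identity.IsAuthenticated) return;

        // Assumption: the login action stored the user code in the ticket's UserData.
        int userCode;
        if (!int.TryParse(identity.Ticket.UserData, out userCode)) return;
        Context.User = new AppPrincipal(identity, userCode);
    }
}

public class OrdersController : Controller
{
    [Authorize, HttpPost, ValidateAntiForgeryToken]
    public ActionResult Cancel(int orderId)
    {
        // The user code comes from the server-side principal, never from a posted field.
        var principal = User as AppPrincipal;
        if (principal == null) return new HttpStatusCodeResult(403);
        // A real application would call its data layer here with principal.UserCode.
        return Content("Order " + orderId + " cancelled for user " + principal.UserCode);
    }
}
```

The only value the form posts is orderId, and the action should still check that the order belongs to principal.UserCode before acting on it.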
