Cannot submit partial view with AllowAnonymous attribute in controller action mvc

  • Question

  • User1878001738 posted

    Hi,

    I encountered a problem in submitting the partial view and whenever I try to debug, it doesn't step over my post action in the controller when I click the submit button in the page.

    CONTROLLER

    [HttpGet]
    [AllowAnonymous]
    public ActionResult LinkPatientORDoctorAccount()
    {
       ViewBag.UserType = Session["UserType"];
    
       return PartialView("_LinkPatientORDoctorAccount");
    }
    
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult LinkPatientORDoctorAccount(UserLinkedAccountsDTO userLinkAccountsDTO)
    {
        LinkingOfAccounts linkAccounts = new LinkingOfAccounts();
        userLinkAccountsDTO.userType = (string)Session["UserType"];
        userLinkAccountsDTO.personId = (Guid)Session["PersonId"];
    
        if (ModelState.IsValid)
        {
            if (userLinkAccountsDTO.userType == "Employee")
            {
                userLinkAccountsDTO.employeeNumber = linkAccounts.GetPrimaryAccount(userLinkAccountsDTO.personId);
                if (linkAccounts.isCredentialValid(userLinkAccountsDTO.userType, userLinkAccountsDTO.employeeNumber, userLinkAccountsDTO.dateOfBirth))
                {
                    if (linkAccounts.IsAlreadyLinked(userLinkAccountsDTO.userType, userLinkAccountsDTO.personId))
                    {
                        FlashMessage.Danger("An account is already linked as Patient.");
                    }
    
                    try
                    {
                        linkAccounts.AddToUserLinkedAccounts(userLinkAccountsDTO.userType, userLinkAccountsDTO.employeeNumber, )
                    }
                }
            }
        }
    
        return RedirectToAction("LinkPatientORDoctorAccount", userLinkAccountsDTO);
    }
    
    
    
    

    VIEW

    @model ApplicationCore.DataTransferObjects.UserLinkedAccountsDTO
    
    
    <div id="linkPatientORDoctorAccountDiv">
        <center> <span class="fontStyleOpenSans" style="font-size:22px;color:#414141!important">Linking of Accounts</span><br /><br /></center>
    
        <div class="row">
            <div class="col-lg-12 col-md-12 col-sm-12">
                <div class="alert alert-success" role="alert" style="font-size:13px">
                    You already activated your account as <strong style="font-size:13px;">@ViewBag.UserType</strong>. You can link your other accounts to alternatively use for Login and to enable other features of the application.
                </div>
            </div>
        </div>
    
        <div class="row">
            <div class="col-lg-12 col-md-12 col-sm-12">
                <div class="alert alert-info" role="alert" style="font-size:13px;">
                    <strong style="font-size:13px;">Note: &nbsp;</strong> Kindly input your hospital number to link your patient account, or your doctor number to access features available for doctors (if there's any). You can still skip on this process if you want and later, you may still have an option to link your other accounts inside the application.
                </div>
            </div>
        </div>
    
        @using (Ajax.BeginForm("LinkPatientORDoctorAccount", "Account", new AjaxOptions { HttpMethod = "POST", UpdateTargetId = "linkPatientORDoctorAccountDiv" }))
        {
            @Html.AntiForgeryToken()
    
            <div class="row">
                <div class="col-lg-6 col-md-6 col-sm-6">
                    <label style="font-size:14px !important;margin-bottom:0px !important;">Hospital Number</label><br />
                    @Html.TextBoxFor(a => a.hn, new { @class = "form-control fieldText", @id = "hospitalNum_linkPatientORDoctor", @autocomplete = "off", @style = "font-size:14px !important;" })
                </div>
                <div class="col-lg-6 col-md-6 col-sm-6">
                    <label style="font-size:14px !important;margin-bottom:0px !important;">Doctor Number</label><br />
                    @Html.TextBoxFor(a => a.doctorNumber, new { @class = "form-control fieldText", @id = "doctorNum_linkPatientORDoctor", @autocomplete = "off", @style = "font-size:14px !important;" })
                </div>
            </div>
    
            <br />
            <div class="row">
                <div class="col-lg-12 col-md-12 col-sm-12">
                    <label style="font-size:14px !important;margin-bottom:0px !important;">Date of Birth</label>
                    <label style="font-size:12px;color:#a5a5a5;font-weight:400 !important;">(Format: DD/MM/YYYY)</label><br />
                    <div class="input-group date" id="dob_linkPatientORDoctor">
                        @Html.TextBoxFor(a => a.dateOfBirth, new { @class = "form-control field", @id = "dateOfBirth", @placeholder = "Click icon to select date of birth", @style = "font-size:14px !important;color:#6c757d !important;" })
                        <span class="input-group-addon btn" style="background-color:#e9ecef !important;border: solid 1px #ced4da !important;border-top-left-radius: 0 !important;border-bottom-left-radius: 0 !important;border-left: hidden !important;">
                            <span class="fa fa-calendar"></span>
                        </span>
                    </div>
                </div>
            </div>
    
            <br /><br />
            <div class="row">
                <div class="col-lg-12 col-md-12 col-sm-12">
                    <div style="float:right !important;">
                        <button type="submit" class="btn btn-success" id="saveLinkPatientORDoctorBtn" style="font-size:13px;width:100px;">LINK</button>&nbsp;
                        <button type="button" class="btn btn-danger" style="font-size:13px;width:100px;" id="skipLinkPatientORDoctorBtn">SKIP</button>
                    </div>
                </div>
            </div>
        }
    
    
    
    
    </div>

    If I removed the AllowAnonymous attribute, my partial view is not rendered in the page.

    What am I missing?

    Thanks in advance.

    Thursday, March 14, 2019 7:57 AM

All replies

  • User475983607 posted

    If I removed the AllowAnonymous attribute, my partial view is not rendered in the page.

    The user is not authenticated. Since you are using client-side AJAX, open the console or network view in the browser's dev tools (F12). You'll most likely see 401 errors.

    Try logging in first; otherwise, explain how the security is designed to work.

    Thursday, March 14, 2019 1:49 PM
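
The check suggested in the reply can be written down as a small classifier for what the Network tab shows for the partial-view request. This is an added example, not code from either poster. It goes beyond the 401 case: the request path assumes the default MVC route for the posted `Ajax.BeginForm` call, and the login-redirect case and the `/Account/Login` URL are assumptions about the authentication setup.

```javascript
// Added example (not from the thread).
// PARTIAL_PATH assumes the default {controller}/{action} route for
// Ajax.BeginForm("LinkPatientORDoctorAccount", "Account").
const PARTIAL_PATH = "/Account/LinkPatientORDoctorAccount";
// Wrapper element id taken from the posted view.
const PARTIAL_MARKER = 'id="linkPatientORDoctorAccountDiv"';

// res: { status, finalUrl, body } as read from the Network tab or an XHR/fetch result.
function classifyPartialResponse(res) {
  if (res.status === 401) return "unauthenticated";   // the case named in the reply
  if (res.status === 403) return "forbidden";
  if (res.status >= 500) return "server-error";       // e.g. an exception in the action
  if (res.status >= 200 && res.status < 300) {
    // A 200 is not proof of success: some auth setups redirect to a login
    // page, and the AJAX call then injects that page into UpdateTargetId.
    const path = new URL(res.finalUrl, "http://localhost").pathname;
    if (path.toLowerCase() !== PARTIAL_PATH.toLowerCase()) return "redirected";
    return res.body.includes(PARTIAL_MARKER) ? "partial-rendered" : "unexpected-body";
  }
  return "other-error";
}

// Constructed sample responses (not captured from a real application).
const samples = [
  { status: 401, finalUrl: PARTIAL_PATH, body: "" },
  { status: 200,
    finalUrl: "/Account/Login?ReturnUrl=%2FAccount%2FLinkPatientORDoctorAccount",
    body: '<form id="loginForm"></form>' },
  { status: 200, finalUrl: PARTIAL_PATH,
    body: '<div id="linkPatientORDoctorAccountDiv">...</div>' },
  { status: 500, finalUrl: PARTIAL_PATH, body: "Server Error" },
];

function runSamples() {
  return samples.map(classifyPartialResponse);
}

console.log(runSamples());
```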