Search code examples
c#formsasp.net-core-mvc

Pass form's hidden input value in query string with ASP.NET Core MVC view

I have a form for forgotten password resets. I need to pass the access token in the query. The access token is stored in a hidden input.

<form asp-action="UpdatePassword" asp-controller="Account" method="post" autocomplete="on" name="login">
    <fieldset>
        <input type="hidden" value="@ViewData["AccessToken"]" /> @*Need to pass this in the query as access_token*@

        <div class="field">
            <input type="password" placeholder="New password" asp-for="Password" autocomplete="new-password" name="access_token" />
            <span asp-validation-for="Password" class="text-danger"></span>
        </div>
    </fieldset>

    <button type="submit">Reset password</button>
</form>
Solution

  • UPDATE

    I understand your need. You want to retrieve the token without adding useless parameters in your action.

    You could try javascript way, to append the token to the url.

    view

    <form id="ResetForm" asp-action="UpdatePassword" asp-controller="Account" method="post" autocomplete="on" name="login">
    <fieldset>
        <input type="hidden" id="access_token" value="@ViewData["AccessToken"]" /> @*Need to pass this in the query as access_token*@
        <div class="field">
            <input type="password" placeholder="New password" asp-for="Password" autocomplete="new-password" />
            <span asp-validation-for="Password" class="text-danger"></span>
        </div>
    </fieldset>

    <button type="submit">Reset password</button>
</form>

<script>
    document.getElementById('ResetForm').addEventListener('submit', function(e) {
        e.preventDefault();
        var form = e.target;
        var accessToken = document.getElementById('access_token').value;
        var actionUrl = form.action;

        actionUrl += (actionUrl.indexOf('?') === -1 ? '?' : '&') + 'access_token=' + encodeURIComponent(accessToken);
        form.action = actionUrl;
        form.submit();
    });
</script>

    action no more token parameter

    [HttpPost]
[Authorize]
public IActionResult UpdatePassword(PasswordModel model){}

    Then your scheme can retrieve the token.

    enter image description here

    If I misunderstand your issue, please correct me. Here is a sample.

    AccountController.cs

    // call this action to reset the password
[HttpGet]
public IActionResult ResetForgottenPassword(string token)
{
    // previous logic

    ViewData["AccessToken"] = token;
    return View(new PasswordModel());
}

    Pass the token in query

    https://localhost:7107/account/ResetForgottenPassword?token=$%*$^$&@#

    ResetForgottenPassword.cshtml

    @model PasswordModel
@{
    ViewData["Title"] = "Reset Forgotten Password";
}

<h2>Reset Forgotten Password</h2>

<form asp-action="UpdatePassword" asp-controller="Account" asp-route-access_token="@ViewData["AccessToken"]" method="post" autocomplete="on" name="login">
    <fieldset>
        <div class="field">
            <input type="password" placeholder="New password" asp-for="Password" autocomplete="new-password" />
            <span asp-validation-for="Password" class="text-danger"></span>
        </div>
    </fieldset>

    <button type="submit">Confirm</button>
</form>

    PasswordModel.cs

    [Required]
[DataType(DataType.Password)]
[Display(Name = "Reset Password")]
public string Password { get; set; }

    enter image description here

    Then, in your UpdatePassword action, the token is passed.

    enter image description here