Pass form's hidden input value in query string with ASP.NET Core MVC view

Question

I have a form for forgotten password resets. I need to pass the access token in the query. The access token is stored in a hidden input.

<form asp-action="UpdatePassword" asp-controller="Account" method="post" autocomplete="on" name="login">
    <fieldset>
        <input type="hidden" value="@ViewData["AccessToken"]" /> @*Need to pass this in the query as access_token*@

        <div class="field">
            <input type="password" placeholder="New password" asp-for="Password" autocomplete="new-password" name="access_token" />
            <span asp-validation-for="Password" class="text-danger"></span>
        </div>
    </fieldset>

    <button type="submit">Reset password</button>
</form>

Answer 1

UPDATE

I understand your need. You want to retrieve the token without adding useless parameters in your action.

You could try javascript way, to append the token to the url.

view

<form id="ResetForm" asp-action="UpdatePassword" asp-controller="Account" method="post" autocomplete="on" name="login">
    <fieldset>
        <input type="hidden" id="access_token" value="@ViewData["AccessToken"]" /> @*Need to pass this in the query as access_token*@
        <div class="field">
            <input type="password" placeholder="New password" asp-for="Password" autocomplete="new-password" />
            <span asp-validation-for="Password" class="text-danger"></span>
        </div>
    </fieldset>

    <button type="submit">Reset password</button>
</form>

<script>
    document.getElementById('ResetForm').addEventListener('submit', function(e) {
        e.preventDefault();
        var form = e.target;
        var accessToken = document.getElementById('access_token').value;
        var actionUrl = form.action;

        actionUrl += (actionUrl.indexOf('?') === -1 ? '?' : '&') + 'access_token=' + encodeURIComponent(accessToken);
        form.action = actionUrl;
        form.submit();
    });
</script>

action no more token parameter

[HttpPost]
[Authorize]
public IActionResult UpdatePassword(PasswordModel model){}

Then your scheme can retrieve the token.

---

If I misunderstand your issue, please correct me. Here is a sample.

AccountController.cs

// call this action to reset the password
[HttpGet]
public IActionResult ResetForgottenPassword(string token)
{
    // previous logic

    ViewData["AccessToken"] = token;
    return View(new PasswordModel());
}

Pass the token in query

https://localhost:7107/account/ResetForgottenPassword?token=$%*$^$&@#

ResetForgottenPassword.cshtml

@model PasswordModel
@{
    ViewData["Title"] = "Reset Forgotten Password";
}

<h2>Reset Forgotten Password</h2>

<form asp-action="UpdatePassword" asp-controller="Account" asp-route-access_token="@ViewData["AccessToken"]" method="post" autocomplete="on" name="login">
    <fieldset>
        <div class="field">
            <input type="password" placeholder="New password" asp-for="Password" autocomplete="new-password" />
            <span asp-validation-for="Password" class="text-danger"></span>
        </div>
    </fieldset>

    <button type="submit">Confirm</button>
</form>

PasswordModel.cs

[Required]
[DataType(DataType.Password)]
[Display(Name = "Reset Password")]
public string Password { get; set; }

Then, in your UpdatePassword action, the token is passed.