The Html.AntiForgeryToken method generates a hidden form field (anti-forgery token) that can be validated when the form is submitted. Call this method inside a DevExpress callback-aware extension to automatically send the token value with an extension callback.
In this example, the Html.AntiForgeryToken method is called in a SetHeaderCaptionTemplateContent method handler.
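@Html.DevExpress().GridView(settings => {
    // ...
    settings.CommandColumn.SetHeaderCaptionTemplateContent(c => {
        // Render the hidden anti-forgery field inside the grid so that it is
        // posted together with every grid callback.
        ViewContext.Writer.Write(Html.AntiForgeryToken().ToHtmlString());
        // Header caption text displayed next to the hidden field.
        ViewContext.Writer.Write("#");
    });
}).GetHtml()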
During CRUD operations, the grid sends the token with a callback. To check the value on the server, decorate the action method with the ValidateAntiForgeryToken attribute.
[ValidateAntiForgeryToken]
public ActionResult GridViewAddNewPartial(Product product) {
    // ...
}

[ValidateAntiForgeryToken]
public ActionResult GridViewUpdatePartial(Product product) {
    // ...
}

[ValidateAntiForgeryToken]
public ActionResult GridViewDeletePartial(int productID) {
    // ...
}
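The per-action attribute above protects only the methods that carry it, so a CRUD action added later without it is left unvalidated. The following is an added example, not DevExpress code: a global ASP.NET MVC filter that validates the token on every POST request. The class name ValidateAntiForgeryTokenOnPostAttribute and the 403 response are assumptions made for illustration.

```csharp
using System;
using System.Web.Helpers;
using System.Web.Mvc;

// Hypothetical filter (not part of DevExpress or ASP.NET MVC): runs the
// anti-forgery check on every POST, including grid callbacks.
public sealed class ValidateAntiForgeryTokenOnPostAttribute
    : FilterAttribute, IAuthorizationFilter {

    public void OnAuthorization(AuthorizationContext filterContext) {
        if (filterContext == null)
            throw new ArgumentNullException("filterContext");

        var request = filterContext.HttpContext.Request;

        // Only POST requests are checked here; state-changing actions
        // should not be reachable through GET.
        if (!string.Equals(request.HttpMethod, "POST",
                           StringComparison.OrdinalIgnoreCase))
            return;

        try {
            // Compares the __RequestVerificationToken form field (written
            // by Html.AntiForgeryToken) with the anti-forgery cookie.
            AntiForgery.Validate();
        }
        catch (HttpAntiForgeryException) {
            // Fail closed: the action method is never executed.
            filterContext.Result = new HttpStatusCodeResult(
                403, "Anti-forgery validation failed");
        }
    }
}

// App_Start/FilterConfig.cs: register the filter for all controllers.
public static class FilterConfig {
    public static void RegisterGlobalFilters(GlobalFilterCollection filters) {
        filters.Add(new ValidateAntiForgeryTokenOnPostAttribute());
    }
}
```

With this filter registered, every form or extension that posts to the application must render the token, otherwise its requests are rejected.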