entre entre - 6 months ago 18
Ajax Question

difference between MVC POST and WebApi POST

What is the difference between POST done using MVC v/s $.ajax,

$.ajax
or
$http
uses
XMLHTTPRequest
to send requests to the server. But what mechanism does ASP.NET MVC uses

Specifically what is the difference between

@using( Html.BeginForm("LoginMethod", "Login", FormMethod.Post) {
// form here
}


and

$.ajax({
url: '....',
type: 'post',
});


One of the senior member in my organization said that, we should not use
$.ajax
in a banking application. So is it that MVC POST is more secure?

Hence below questions



  1. What is the difference between MVC POST v/s $.ajax post

  2. Why/How/Is Really MVC POST is more secure?

  3. Why cant i see details of MVC POST in network tab in DevTools



Answer

Wow. No offense, but you need to take a big step back and familiarize yourself with the platform you're trying to develop for: the Internet. Read up on things like the TCP/IP and HTTP protocols. Also look into REST. It's actually sort of a parallel philosophy that can be applied to more than just interactions over HTTP, but it codifies pretty much how HTTP works and how web applications should be designed.

That said, I'll attempt to answer the three questions you've posed:

  1. What is the difference between MVC POST v/s $.ajax post

I have to actually deconstruct this because your understanding of the terminology at play is confused. First, a POST is a POST is a POST. There's not different kinds. POST is an HTTP verb, like GET. It carries a payload, called a request body, whereas GET has no body. The difference between a standard HTML form POST and an AJAX POST ($.ajax is a jQuery function and has no bearing on anything here), is all in the client, or web browser. With a traditional post, the entire tab or window context changes to a new page, whereas and AJAX request can be considered to be made by what's called a thin client. It's a JavaScript object, XMLHttpRequest, what acts as sort of a mini-browser within the browser. It makes requests and receives responses like a browser, but at a low level. It doesn't automatically render HTML, load related resources, etc. It just returns the response, and then it's up to you and your application to do something with that response.

  1. Why/How/Is Really MVC POST is more secure?

Not sure where that's coming from but it's not. Like I said above, a POST is a POST is a POST. And in and of itself, no POST is "secure". In the HTTP protocol, all data goes over the wire in plain text and can be seen by any intervening server or agent between the source and the destination. HTTPS, or HTTP Secure, is how a layer of security is added to HTTP. An SSL (secure socket layer) certificate is required for an HTTPS connection. All this really is is a public key that is certified by a CA (certificate authority) to belong to a particular domain and organization. When an HTTPS connection is establish, the client and server initiate a handshake, where they essentially trade public keys. The client uses the server's public key to encrypt the request headers and body and then sends the request. The public key is only good for encryption. To decrypt, you need a private key, which only the server has. The server decrypts the request, creates the response, encrypts it with the client's public key, and then sends it to the client. The client, likewise, use its private key to decrypt the response and then render the web page or whatever.

  1. Why cant i see details of MVC POST in network tab in DevTools

Again, I'm taking "MVC POST" to mean a traditional HTML form POST. MVC really has nothing to do with it. You can't see the details in the network tab of your browser's development console, because the development console is page-specific and as I described above, a traditional HTML form POST causes the browser tab or window's view to change completely. The network tab notes web traffic generate by the page: loading JS, CSS, images, etc. and making AJAX requests.