Reputation: 1347
How to disable default model binding for a particular class
I want to disable model binding for a particular class , to be more specific i don't want certain data property of a class to be set by the default model binding .
eg . i have height and width property of a class , which i want to be explicitly set by the user
like model.height = xxx ;
the value should not be set by default model binders even when i pass the model to the action method.
is there a way to do so ?
Upvotes: 1
Views: 1511
Answers (2)
Reputation: 1038930
Take a look at the Exlude, Include properties of BindAttribute.
public ActionResult Create([Bind(Exclude="Height")]MyModel model)
IMHO it's better to use Include than Exclude because in this way you are explicit at what properties should be automatically bound. Using Exclude might be a security risk and could be exploited by a hacker to set properties that are not intended to be set by the binder.
Upvotes: 1
Reputation: 56500
You could do it as darin suggests, or you can actually do it in the model class itself
using System.Web.Mvc;
[Bind(Exclude = "Height, Width")]
public class MyModelClass {
....
}
That way no matter where it's used those properties will never get bound. It would be more secure to be explicit, and provide an (Include =) list though, that way new properties don't get bound by default, and you are forced to include them, considering the security implications as you do so.
Upvotes: 1
Related Questions
- Asp.net MVC Model binding derived class
- Change the default model binder in asp.net MVC
- Bind model explicitly
- How to tell the default model binder to ignore a property on postback
- asp.net mvc default model binder for model that has inheritance
- Unbind property from model MVC
- How can I prevent default binders for complex types?
- How to gain control over model binding?
- asp.net mvc bind a specific model
- asp.net mvc default model binding problem