MVC 6 Bind Attribute disappears?

by

The best way to prevent overposting is to get the entity, update only the properties needed to update and save it.

Assuming you have a view model like

public class CustomerViewModel
{
   public int Id {set;get;}
   public String UserName {set;get;}
   public String FirstName {set;get;}
   public String LastName {set;get;}

}

And assume there is a view called Update which shows UserName in readonly/display only form and FirstName and LastName in editable fields. So even if user posts an updated UserName via some means, we should not be updating that field value.

[HttpPost]
public ActionResult Update(CustomerViewModel model)
{
  var customer = yourDbContext.Customers.FirstOrDefault(s=>s.Id==model.Id);
  if(customer!=null)
  {
    // Updating only fields which are supposed to be updated from the view.

    customer.FirstName = model.FirstName;
    customer.LastName = model.LastName;

    yourDbContext.Entry(customer).State = EntityState.Modified;
    yourDbContext.SaveChanges();

    return RedirectToAction("UpdatedSuccessfully");
  }
  return View("NotFound");
}

More Related Contents:

  1. How to manually decrypt an ASP.NET Core Authentication cookie?
  2. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  3. Are HTTP cookies port specific?
  4. Salt Generation and open source software
  5. Is “double hashing” a password less secure than just hashing it once?
  6. How should I ethically approach user password storage for later plaintext retrieval?
  7. Authentication versus Authorization
  8. Where to store JWT in browser? How to protect against CSRF?
  9. Remove Server Response Header IIS7
  10. Is it safe to enable CORS to * for a public and readonly webservice?
  11. What is the purpose of base 64 encoding and why it used in HTTP Basic Authentication?
  12. Differences Between Rijndael and AES
  13. Convert .pfx to .cer
  14. Is there any possible ways to bypass cloudflare security checks?
  15. Send mail via Gmail with PowerShell V2’s Send-MailMessage
  16. Is it secure to submit from a HTTP form to HTTPS?
  17. Is JSONP safe to use?
  18. How to prevent arbitrary client apps from using anonymous web API?
  19. Is HTTP header Referer sent when going to a http page from a https page?
  20. Using Symfony2’s AccessDeniedHandlerInterface
  21. Is it safe to enable ”Access-Control-Allow-Origin: *“ (wildcard) for a public and readonly webservice?
  22. Why not use HTTPS for everything?
  23. Where is the PEM file format specified?
  24. Difference between CSRF and X-CSRF-Token
  25. MD5 security is fine? [closed]
  26. Keygen tag in HTML5
  27. Remember me Cookie best practice?
  28. buffer overflow example from Art of Exploitation book
  29. Am I under risk of CSRF attacks in a POST form that doesn’t require the user to be logged in?
  30. Understanding CSRF

Leave a Comment