Why do we use ViewModels?

by

For smaller projects, you’re right. I hear your argument and sympathise – however there are good reasons for this, drudged and repetitive work, especially in larger and more complicated applications:

  • It’s essential to perform all processing within the Controller’s action. However in the example you’ve given, the Repository.Get method might return a lazily-evaluated IQueryable object, which would mean the DB wouldn’t be hit until the View is evaluated. For a variety of reasons this is bad. (A workaround is to call .ToList while still in the controller).
  • “A view should not contain any non-presentational logic” and “You should not trust the View” (because a View could be user-provided). By providing a Model object (potentially still connected to an active DatabaseContext) a view can make malicious changes to your database.

  • A View’s data-to-display does not always map 1:1 with its Model’s data, for example consider a User Details page:

    A User’s EF Model object represents its entity in the database, so it probably looks like this: User { UserId, UserName, PasswordHash, PasswordSalt, EmailAddress, CreatedDate }, whereas the fields on a “User details” page are going to be User { UserId, UserName, Password, ConfirmYourPassword, EmailAddress }, do you see the difference? Ergo, you cannot use the EF User model as the view model, you have to use a separate class.

  • The dangers of model manipulation: if you let ASP.NET MVC (or any other framework) do the model binding to the incoming HTTP POST Request then (taking the User details example above), a user could reset anyone’s password by faking the UserId property value. ASP.NET will rewrite that value during binding and unless you specifically sanitize it (which will be just as drudgeful as making individual ViewModels anyway) then this vulnerability will remain.

  • In projects with multiple developers working in a team situation, is is important that everything is consistent. It is not consistent to have some pages using bespoke ViewModels but other pages using EF Models because the team does not share a concious mind, things have to be documented and generally make-sense. For the same reason a single developer can get away without putting excessive XML documentation in his source code, but in a team situation you’ll fall apart if you don’t.

There is a slight workaround in your case I’ll share with you, but please note the preconditions:

  • Your views can be fully trusted
  • Your views contain only presentational logic
  • Your application is largely CRUD
  • Your views correspond 1:1 with each EF entity model (i.e. no JOINs)
  • Your views only deal with single Simple models for POST forms, not Complex models (i.e. an object graph)

…then you can do this:

  • Put all one-way, non-form-related data into your ViewData collection, or the ViewBag in MVC 4 (or even a generic ViewData<T> if you’re hardcore). This is useful for storing HTML page titles and sharing data with Master pages.
  • Use your fully-evaluated and loaded EF models as your View<TModel> models.

But use this approach with caution because it can introduce inconsistency.

More Related Contents:

  1. Session variables in ASP.NET MVC
  2. Two related questions on jqGrid column header filters and the advanced filtering dialog
  3. ASP.NET MVC How to pass JSON object from View to Controller as Parameter
  4. How do you request static .html files under the ~/Views folder in ASP.NET MVC?
  5. Adding another “Pet” to a Model Form
  6. How to lock down paths in ASP.NET MVC?
  7. Why should I use view models?
  8. Multiple DB Contexts in the Same DB and Application in EF 6 and Code First Migrations
  9. ASP.NET MVC Html.ValidationSummary(true) does not display model errors
  10. HTML.ActionLink vs Url.Action in ASP.NET Razor
  11. How to create custom validation attribute for MVC
  12. How can I pass parameters to a partial view in mvc 4
  13. ASP.NET MVC framework 4.5 CSS bundle does not work on the hosting
  14. Is there a good/proper way of solving the dependency injection loop problem in the ASP.NET MVC ContactsManager tutorial?
  15. pass enum to html.radiobuttonfor MVC3
  16. Does a view exist in ASP.NET MVC?
  17. 404 Http error handler in Asp.Net MVC (RC 5)
  18. Adding a controller factory to ASP MVC
  19. keyword not supported data source
  20. ASP.NET MVC5/IIS Express unable to debug – Code Not Running
  21. Best practices for debugging ASP.NET MVC Binding
  22. How to compile cshtml before runtime
  23. CORS in ASP .NET MVC5
  24. how to implement ASP.NET Identity to an empty MVC project
  25. Incompatible Data Reader Exception From EF Mapped Objects
  26. IIS Express — Getting SSL to Work
  27. Where are @Json.Encode or @Json.Decode methods in MVC 6?
  28. Hiddenfor not getting correct value from view model
  29. Routing in Asp.net Mvc 4 and Web Api
  30. How can I create a route constraint of type System.Guid?

Leave a Comment