Home/ Questions/Q 7018177
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T23:00:38+00:00

I have a model which has several fields which I never want to be

  • 0

I have a model which has several fields which I never want to be editable by the user. How can I create an edit page which not only hides these fields, but also protects against the user injecting the input elements themselves?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Take a look at TryUpdateModel() (MSDN article found here.). You can specify a black-list and white-list of what you’d like the method to actually update:

    public ActionResult MyUpdateMethod (MyModel myModel)
{
    if (ModelState.IsValid)
    {
        var myDomainModel = new DomainModel ();
        if (TryUpdateModel (myDomainModel,
                            new string[] { /* WhiteList Properties here */ },
                            new string[] { /* BlackList Properties here */ })

        {
            // Save it or do whatever
            return RedirectToActionV (/* Yada */);
        }
    }

    return View (myModel);
    }
}

    Along with that, I’d make sure that your posted model doesn’t contain the fields that you want the user to update, though that can be overriden with a hand-crafted form post. This will at least help you ensure you’re not accidentally putting fields on the page you don’t want edited.

    • 0