In a model of ASP.NET MVC application, how can we make sure that a particular parameter (ie a property) doesnot accept any value from the client.plese note, though we can simply not show any control like textbox or combobox for it , but a hacker kind of a person can send the values from http interceptor like webscrape etc.
so is there data annotation or so for it.
I would go with an ActionFilter that clears form parameter before it's processed by controller.
sth like this:
public sealed class ClearValueActionFilter : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Request.Form.Remove([attribute name]);
}
}
In you controller action method you can use Bind
attribute to exclude a property you want:
public ActionResult Create([Bind(Exclude="Property)]Model model)
{
....
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.