What is “posted” in ASP.NET MVC applications?

Question

As I review more code and blog posts from lots of MVC sources, I still haven't wrapped my mind around what is "posted" when a request is made. I realize MVC doesn't support post, but I'm having trouble finding resources that can explain it well enough to understand.

Inside the controller's public ActionResult nameOfAction(what the heck goes here?) { ... } what are my parameters?

Sometimes it looks like Visual Studio scaffolds (int id, MyObject myobject) for an Edit-style action--it includes something from my model, but not always.

Sometimes, it's (int id, FormCollection collection) for a delete-style action. Why not use the modeled object here? Is a FormCollection object always "posted"?

Sometimes, I see (RouteInfo routeInfo) which isn't recognized in my MVC2 Intellisense (is this MVC1 only or something?)

How can/do/should I establish these parameters? I think this will help me a lot at design time.

Answer 1

What gets post back from a form in MVC is the form data which includes each form element in a keyvalue pair.

If you only need this information then you would use:

public ActionResult nameOfAction(string name, string lastName, string etc)

MVC has some smart data model binding which takes the form data and automatically creates an object which is part of you domain model. For instance it could automatically create a Person object with the provided form data.

I believe there is a security concern with this as a user of your site may post data which is not part of your form and guess what your models are to inject their own data. I dont think this is a massive issue though and this is the way I would go.

I think you can use the anti-forgery helper to prevent users from posting back data which is not allowed in a form. anti-forgery

Answer 2

Use strongly typed views with a view-model and the strongly typed helpers. Then when you POST, you should get an instance of that view-model out.