Model binding Prevent binding on PostModel

Help us to keep this website almost Ad Free! It takes only 10 seconds of your time:
> Step 1: Go view our video on YouTube: EF Core Bulk Extensions
> Step 2: And Like the video. BONUS: You can also share it!


Considering a (post)model:

public class User
    public string FirstName { get; set; }
    public bool IsAdmin { get; set; }

With a view like so:

@using (Html.BeginForm()) {
    @Html.EditorFor(model => model.FirstName)
    <input type="submit" value="Save" />       

In order to prevent a malicious user from assigning IsAdmin you can use the Bind attribute in the action:

public ViewResult Edit([Bind(Exclude = "IsAdmin")] User user)
    // ...

Got any Question?