asp.net-mvc Model binding Prevent binding on PostModel

Help us to keep this website almost Ad Free! It takes only 10 seconds of your time:
> Step 1: Go view our video on YouTube: EF Core Bulk Extensions
> Step 2: And Like the video. BONUS: You can also share it!

Example

Considering a (post)model:

public class User
{
    public string FirstName { get; set; }
    public bool IsAdmin { get; set; }
}

With a view like so:

@using (Html.BeginForm()) {
    @Html.EditorFor(model => model.FirstName)
    <input type="submit" value="Save" />       
}

In order to prevent a malicious user from assigning IsAdmin you can use the Bind attribute in the action:

[HttpPost]
public ViewResult Edit([Bind(Exclude = "IsAdmin")] User user)
{
    // ...
}


Got any asp.net-mvc Question?