- Use BindAttribute on the action method
- Use [Editable] or [BindNever] on the model
- Use two different models
- Use a base class
- Use ModelMetadataTypeAttribute
- Explicit binding via TryUpdateModelAsync<>
This was a very quick run down of some of the options available to you to prevent mass assignment. Which approach you take is up to you, though I would definitely suggest using one of the latter 2-model approaches. There are other options too, such as doing explicit binding via TryUpdateModelAsync<> but the options I've shown represent some of the most common approaches. Whatever you do, don't just blindly bind your view models if you have properties that should not be edited by a user, or you could be in for a nasty surprise.
And whatever you do, don't bind directly to your EntityFramework models. Pretty please.
Ever since Microsoft purchased GitHub, many people have been searching for alternative places to host and share their code.
Microsoft Just Bought GitHub: Pros, Cons, and What It Means for You
وبلاگ بیل گیتس
Profiller رایگان برای ASP.NET
Fill and FillByObject
/// <summary> /// Insert values from an object into a string pattern. To specify the object's property you have to use the '{propertyName}'. /// </summary> /// <remarks> /// This method is a replacement to String.Format, but it has two differences: /// <list type="simple"> /// <item>It reverese the order you call the functionality, instead of writing String.Format(pattern, args) you write pattern.FillByObject(args). This makes the code look cleaner.</item> /// <item>You supply the pattern with an object and specify insertion points by property names.</item> /// </list> /// <example> /// <![CDATA[ /// "First name:{firstName}, Sur name:{Surname}".FillByObject(new {firstName = "Sam", lastName="Naseri"}); /// ]]> /// </example> /// </remarks> /// <seealso cref="Fill"/> /// <typeparam name="T">Type of bindingValue.</typeparam> /// <param name="bindingPattern">The pattern to fill.</param> /// <param name="bindingValue">The object providing values to fill in the pattern.</param> /// <returns>The pattern filled with values.</returns> public static string FillByObject<T>(this string bindingPattern, T bindingValue) { var properties = GetProperties(typeof(T)).ToList(); var values = properties.Select(property => property.GetValue(bindingValue, new object[] { })).ToList(); var result = bindingPattern; for (int index = 0; index < properties.Count; index++) { var property = properties[index]; var propPattern = "{" + property.Name + "}"; var old = result; result = result.Replace(propPattern, values[index] != null ? values[index].ToString() : ""); } return result; }
private static IEnumerable<PropertyInfo> GetProperties(Type t) { return t.GetProperties(BindingFlags.Public | BindingFlags.Instance); }
/// <summary> /// A simple replacement for String.Format which only makes the codes look nicer. /// </summary> /// <param name="pattern">The source string that you want to replace insertion points on it.</param> /// <param name="args">Values to be replaced in the pattern.</param> /// <returns></returns> public static string Fill(this string pattern, params object[] args) { return string.Format(pattern, args); }
کتابخانه angular-checkboxes
If you are used to manipulate HTML forms, you probably know that each checkbox is a separate variable (or maybe an ngModel with AngularJS). Demo
Sometimes, it could be usefull to manipulate all these checkboxes as a unique array.
angular.checkboxes
module lets you turn your list of checkboxes into a unique destination array, providing :
- two-way binding: manipulate the destination array will check/uncheck the checkboxes AND check/uncheck the checkboxes will modify the destination array.
- no isolated scope for each checkbox: the directive does not create new child scope.
- a mtCheckboxController: internal controller can be injected to other directives.
Always Encrypted is a new feature in SQL Server 2016, which encrypts the data both at rest *and* in motion (and keeps it encrypted in memory). So this protects the data from rogue administrators, backup thieves, and man-in-the-middle attacks. Unlike TDE, as well, Always Encrypted allows you to encrypt only certain columns, rather than the entire database.