Is it a bad practice using model classes in controller in mvc?

Question

I wanted to compare with best practices when working with an ORM or database tables in asp.net mvc. One of the major questions I have is should I instantiate

Answer 1

You can still use view specific models to handle over posting issues, however there's a newer Bind attribute you can use to achieve the same thing, as outlined in this blog post.

Take Peter J's Entity model for example. On an edit method you could simply do this:

[HttpPost]
public ViewResult Edit([Bind(Include = "UserName, EmailAddress, FirstName, LastName")] User user)
{
    // ...
}

And simply leave out the IsAdmin item to prevent it from being used in the post.

Further, as noted in the blog post, you can take a "blacklist" method and tell your controller action which fields to exclude instead:

[HttpPost]
public ViewResult Edit([Bind(Exclude= "IsAdmin")] User user)
{
    // ...
}

You can also place it above the class name of the Entity model, like so:

[Bind(Exclude="IsAdmin")]
public class UserProfile
  {
    public string UserName { get; set; }
    public bool IsAdmin { get; set; }
    public string EmailAddress { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
  }

This method may be better suited for when you only need to exclude or include a few fields from your Entity models.