In my experience, models from a database are seldom the same as those used in web pages. You always need some kind of change. Hence the usage of ViewModels. Another upside is that all web pages that use your ViewModel won't break if the entity model is changed.
As for security, having a public ActionResult Save(MyEntityModel model) can lead to a security breach, since the user may figure out how to post values to properties that shouldn't be changed (like Role, Status, IsAdmin or whatever).
Get yourself familiar with a mapper (like AutoMapper) instead, and put the attributes on the ViewModel.
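The over-posting risk described in the answer above, shown next to the ViewModel form of the same action. This is an added example, not code from the original answer; it assumes ASP.NET MVC 5, and `EditProfileViewModel`, `IUserStore`, `ProfileController` and the entity's properties are hypothetical names.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

// Entity as stored in the database (hypothetical shape).
public class MyEntityModel
{
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public string Role { get; set; }    // must never be set from a form post
    public bool IsAdmin { get; set; }   // must never be set from a form post
}

// ViewModel: only the fields this page may edit; validation attributes live here.
public class EditProfileViewModel
{
    [Required, StringLength(50)] public string DisplayName { get; set; }
    [Required, EmailAddress] public string Email { get; set; }
}

// Hypothetical persistence abstraction so the example is not tied to one ORM.
public interface IUserStore
{
    MyEntityModel GetCurrentUser();
    void Save(MyEntityModel entity);
}

public class ProfileController : Controller
{
    private readonly IUserStore _store;
    public ProfileController(IUserStore store) { _store = store; }

    // Risky: the model binder fills every public settable property of the entity,
    // so posted Role or IsAdmin fields are bound even though the form never shows them.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult SaveUnsafe(MyEntityModel model)
    {
        _store.Save(model);
        return RedirectToAction("Index");
    }

    // Safer: Role and IsAdmin do not exist on the ViewModel, so they cannot be bound.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Save(EditProfileViewModel vm)
    {
        if (!ModelState.IsValid) return View(vm);
        var entity = _store.GetCurrentUser();  // record chosen server-side, not by the form
        entity.DisplayName = vm.DisplayName;   // a mapper such as AutoMapper can do this copy
        entity.Email = vm.Email;
        _store.Save(entity);
        return RedirectToAction("Index");
    }
}
```

Constructor injection of `IUserStore` assumes a dependency resolver is registered in the application.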