c# - Need guide line for MVC action method with Bind attribute

Question

I was going through a action method code and i saw one attribute was used there but i really did not understand the use. here is the code

public ActionResult User([Bind(Include = "Username,FullName,Email")]User user)
{
   if (!ModelState.IsValid()) return View(user);

   try
   {
     user.save()
     // return the view again or redirect the user to another page
   }
   catch(Exception e)
   {
     ViewData["Message"] = e.Message;
     return View(user)
   }
}

([Bind(Include = "Username,FullName,Email")]User user)

i just do not understand the above line Bind include etc

so please help me to understand this kind of attribute used & when people write this kind of code in mvc. it will be really good help if some one make me understand with sample small code where they will use this Bind attribute.

Update: Suppose i have form from where user can enter only FirstName,LastName & Gender then my action method looks like

public ActionResult Edit(string FirstName,string LastName,string Gender)
{
    // ...
}

this will work i think. then why i should use a Bind Attribute because my above action method will works fine.

Answer 1

Bind attribute lets you "fine-tune" the model-binding process of certain parameter Type, without registering a custom ModelBinder specific to the Type.

For example, assume your Action is expecting a Person parameter defined as follows:

public class Person
{
    public Person(string firstName, string lastName, Gender gender)
    {
        this.FirstName = firstName;
        this.LastName = lastName;

        if (gender == Gender.Male)
            this.FullName = "Mr. " + this.FirstName + " " + this.LastName;
        else
            this.FullName = "Mrs. " + this.FirstName + " " + this.LastName;
    }

    public string FirstName { get; set; }
    public string LastName { get; set; }
    public Gender Gender { get; set; }

    // 'FullName' is a computed column:
    public string FullName { get; set; }
}

And the Action:

public ActionResult Edit(Person person)
{
    ...
}

Now, if someone is posting the following JSON:

{
    "FirstName":"John",
    "LastName":"Smith",
    "Gender":"Male",
    "FullName":"Mrs. John Smith"
}

Your Action will now have a person with the wrong FullName ('Mrs' instead of 'Mr').

To avoid such behavior you can use the Bind attribute and explicitly exclude the FullName property from the binding process ('Black-list'):

public ActionResult Edit([Bind(Exclude="FullName")] Person person)
{
    ...
}

Alternatively, you can use Include to ignore ('Black-list') all properties and only include ('White-list') the specified properties:

public ActionResult Edit([Bind(Include="FirstName,LastName,Gender")] Person person)
{
    ...
}

More info on MSDN.