Menu
I wanted to compare with best practices when working with an ORM or database tables in asp.net mvc. One of the major questions I have is should I instantiate the model classes directly in controller..not query the database but just use the model class to store the values.
For e.g. If I am using entity framework as model...then is it a bad practice to use the entity class objects in the controller. There are times when it is just easier to directly use the database classes generated in the controller instead of creating ViewModels or even ViewData. We have a data access layer and a Business layer where all the querying and business logic is applied but although easier I don't like the idea of accessing the model in the controller but is it really a bad practice?
891
It is not recommended to create huge controllers with hundreds of actions, because they are difficult to understand and support. It is recommended to create new controller class for each model (or for most important ones) of your business logic domain.
Question: Can there be two+ models in 1 controller? Answer: yes. Create a wrapper model, put other two models in it.
In Solution Explorer, right-click the Controllers folder and then click Add, then Controller. In the Add Scaffold dialog box, click MVC 5 Controller with views, using Entity Framework, and then click Add. Select Movie (MvcMovie. Models) for the Model class.
You can't really have a controller without a Model and a View, however it makes a lot more sense to just have a View or just have a Model (for example, in unit testing). That's why you want to pass in those dependencies into the Controller, and not the other two.
Yes, it is a bad practice, because of the problem of "over-posting".
For instance, consider an Entity model for a UserProfile:
public class UserProfile
{
public string UserName { get; set; }
public bool IsAdmin { get; set; }
public string EmailAddress { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
}
Your user profile page allows the user to Edit their FirstName, LastName, and EmailAddress.
An unscrupulous user could simply modify the form to post "IsAdmin" along with the other values. Because your Action is expecting an input of UserProfile, the IsAdmin value will be mapped as well, and eventually persisted.
Here is an excellent writeup about the perils of under and overposting.
I see nothing wrong with binding Entity models directly to your [HttpGet] methods, though.
95
Actually, it depends, maybe all you need is exactly show your model in UI. then I see no sense in wrapping it. But most of the times, even if you think you do not need to change anything in a model before showing it into view, you may need to do it in future. So the better way is to separate your exact model and future view data. It gives you more flexibility if you ned to change something (like change DB structure but view will remain the same)
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
