Back to Curriculum

Model Binding and Validation

📚 Lesson 4 of 15 ⏱️ 55 min

Model Binding and Validation

55 min

Model binding automatically maps HTTP request data (form data, query strings, route parameters) to action method parameters and model properties, eliminating manual data extraction. ASP.NET Core's model binding system examines request data and matches it to method parameters or model properties by name. This simplifies request handling and reduces boilerplate code. Understanding model binding enables efficient request processing. Model binding works with simple types, complex types, and collections.

ASP.NET Core provides built-in validation attributes for common validation scenarios, enabling declarative validation on models. Attributes like `[Required]`, `[StringLength]`, `[Range]`, `[EmailAddress]`, and `[RegularExpression]` provide validation rules. Validation occurs automatically during model binding. Understanding validation attributes enables data integrity. Validation attributes are applied to model properties and checked automatically.

You can create custom validation attributes for complex business rules that aren't covered by built-in attributes. Custom validation attributes inherit from `ValidationAttribute` and override `IsValid` method. Custom attributes enable domain-specific validation. Understanding custom validation enables flexible validation rules. Custom validation is essential for complex business requirements.

ModelState contains validation results and can be checked with `ModelState.IsValid` to determine if validation passed. When validation fails, `ModelState` contains error messages that can be displayed to users. Understanding ModelState enables proper error handling. ModelState is automatically populated during model binding and validation.

Validation can occur on both client-side (using JavaScript) and server-side (always performed). Client-side validation provides immediate feedback but must be complemented by server-side validation for security. Server-side validation is essential—never rely solely on client-side validation. Understanding both validation types enables secure, user-friendly applications.

Best practices include always validating on the server (client-side is for UX only), using appropriate validation attributes, providing clear error messages, checking ModelState.IsValid before processing, and creating custom validators for complex rules. Understanding model binding and validation enables secure, robust applications. Validation is essential for data integrity and security.

Key Concepts

  • Model binding automatically maps request data to parameters and models.
  • Validation attributes provide declarative validation rules.
  • Custom validation attributes enable complex business rule validation.
  • ModelState contains validation results and errors.
  • Server-side validation is essential for security.

Learning Objectives

Master

  • Understanding model binding and how it works
  • Using built-in validation attributes
  • Creating custom validation attributes
  • Handling validation errors with ModelState

Develop

  • Understanding data validation principles
  • Designing secure validation strategies
  • Implementing comprehensive validation

Tips

  • Always validate on the server—client-side validation is for UX only.
  • Use appropriate validation attributes for common scenarios.
  • Check ModelState.IsValid before processing data.
  • Provide clear, user-friendly error messages.

Common Pitfalls

  • Relying only on client-side validation, creating security vulnerabilities.
  • Not checking ModelState.IsValid, processing invalid data.
  • Not providing clear error messages, confusing users.
  • Not using validation attributes, missing validation opportunities.

Summary

  • Model binding automatically maps request data to parameters.
  • Validation attributes provide declarative validation.
  • Custom validation enables complex business rules.
  • Understanding model binding and validation enables secure applications.
  • Server-side validation is essential for security.

Exercise

Create a form with model binding and validation.

// Product.cs
public class Product
{
    [Required]
    [StringLength(100)]
    public string Name { get; set; }
    
    [Range(0, 1000)]
    public decimal Price { get; set; }
    
    [EmailAddress]
    public string ContactEmail { get; set; }
}

// ProductController.cs
[HttpPost]
public IActionResult Create(Product product)
{
    if (ModelState.IsValid)
    {
        // Save product
        return RedirectToAction("Index");
    }
    return View(product);
}

Code Editor

Output