0

I have a controller which I dont want to validate, when called upon.

My controller:

[Authorize(Roles = "Admin")]
[HttpPost]
[ValidateInput(false)]
public ActionResult Delete(MyLINQClass model)
{
    // Do something
}

My model:

[MetadataType(typeof(MyLINQClass MetaData))]
public partial class MyLINQClass : DefaultModel, IValidatableObject
{
    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
    {
         // Do validation
    }
}

I do not want the validate to be triggered, and I thought adding [ValidateInput(false)] would help. But the Validate() is still triggered.

Im using ASP MVC 3 and .NET 4.

Martin at Mennt
  • 5,677
  • 13
  • 61
  • 89

1 Answers1

1

The [ValidateInput(false)] is not related to model validation. It disables ASP.NET validation for XSS characters in the request such as <, >, ... The validation is triggered by the default model binder when it tries to bind the MyViewModel parameters. If you don't want to perform validation, simply write another view model that the Delete action will take as parameter and which won't have any Validate method.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • Thanks for your comment. I guess I could have made another view model, but the problem is that `MyViewModel` is extending a LINQ class. So if I make a new view model I would still include `MyViewModel`. – Martin at Mennt Oct 08 '11 at 15:15
  • @Martin, view models should not extend any domain entities such as LINQ classes. They should be independent and specifically tied to the requirements of given views. For example in your case you have different validation logic, so different view models makes sense. It is good practice to have your controller actions take and pass only view models from and to views, not any domain entities. – Darin Dimitrov Oct 08 '11 at 15:16
  • Okay, I see your logic there. I will try to make some changes. – Martin at Mennt Oct 08 '11 at 15:20