Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Validating Model Data in an MVC Application

Validating user input to make sure that it matches the data model in an ASP.NET MVC application can help you protect the application data from user input mistakes and from users who have malicious intent. There are many ways to incorporate input validation in an MVC application. For example, you can use a publicly available validation library, such as the Microsoft Enterprise Library Validation Block. This topic focuses on the MVC features that support validation and shows you a simple way to validate model data.

When a user submits a form, the form data is passed to a controller action method by using the ViewDataDictionary collection. The ViewDataDictionary has a ModelState property that contains a collection of ModelState objects. For each model that is defined in an MVC application, the MVC framework creates a corresponding ModelState object and adds it to the collection.

The action method that receives the form data defines the validation rules that apply to the form data. Some validation rules are inferred from the model, such as a rule that specifies that a field must contain an integer. Other validation rules are defined in the action method, such as a rule that specifies that a field must match a given regular expression. If a rule is violated, the action method uses the ModelState property to pass the validation error information back to the view. You can then use HTML helper methods in the view to render a summary of error messages and indicate the form fields where errors were found.

The following example shows a Person class that defines properties for storing personal data.

                        public class Person
    public string Name { get; set; }
    public int Age { get; set; }
    public string Street { get; set; }
    public string City { get; set; }
    public string State { get; set; }
    public string Zipcode { get; set; }
    public string Phone { get; set; }
    public string Email { get; set; }

The following markup defines a form for entering values to create a Person instance. If the user enters an invalid value for the Person instance, this view is rendered again, this time with error messages, which are passed to the view in the ModelState property.

At the top of the view, the ValidationSummary helper method renders a list of validation errors, if any are found. In addition, the ValidationMessage helper method renders a validation error message next to each form field for which an error is found.


<%= Html.ValidationSummary("Create was unsuccessful. Please correct the errors and try again.") %>

<% using (Html.BeginForm()) {%>

            <label for="Name">Name:</label>
            <%= Html.TextBox("Name") %> Required
            <%= Html.ValidationMessage("Name", "*") %>
            <label for="Age">Age:</label>
            <%= Html.TextBox("Age") %> Required
            <%= Html.ValidationMessage("Age", "*") %>
            <label for="Street">Street:</label>
            <%= Html.TextBox("Street") %>
            <%= Html.ValidationMessage("Street", "*") %>
            <label for="City">City:</label>
            <%= Html.TextBox("City") %>
            <%= Html.ValidationMessage("City", "*") %>
            <label for="State">State:</label>
            <%= Html.TextBox("State") %>
            <%= Html.ValidationMessage("State", "*") %>
            <label for="Zipcode">Zipcode:</label>
            <%= Html.TextBox("Zipcode") %>
            <%= Html.ValidationMessage("Zipcode", "*") %>
            <label for="Phone">Phone:</label>
            <%= Html.TextBox("Phone") %> Required
            <%= Html.ValidationMessage("Phone", "*") %>
            <label for="Email">Email:</label>
            <%= Html.TextBox("Email") %> Required
            <%= Html.ValidationMessage("Email", "*") %>
            <input type="submit" value="Create" />

<% } %>

    <%=Html.ActionLink("Back to List", "Index") %>

When this form is submitted, the Create action method defines the following validation rules for the properties in the Person class:

  • The Name, Age, Phone, and Email properties are required.

  • The Age property must be an integer in the range between 1 and 200.

  • The Street, City, and State properties are optional.

  • The Zipcode property is optional, but it must be a valid postal code if it is entered.

  • The Phone property must be a valid telephone number.

  • The Email property must be a valid e-mail address.

If a validation error occurs, the action method calls the AddModelError method to add the error to the associated ModelState object. The AddModelError method accepts the name of the associated property and the error message to display. After the action method executes the validation rules, it uses the IsValid property of the ModelStateDictionary collection to determine whether the resulting data complies with the model.

public ActionResult Create(Person person)
    if (person.Name.Trim().Length == 0)
        ModelState.AddModelError("Name", "Name is required.");
    if (person.Age < 1 || person.Age > 200)
        ModelState.AddModelError("Age", "Age must be within range 1 to 200.");
    if ((person.Zipcode.Trim().Length > 0) && (!Regex.IsMatch(person.Zipcode, @"^\d{5}$|^\d{5}-\d{4}$")))
        ModelState.AddModelError("Zipcode", "Zipcode is invalid.");
    if (!Regex.IsMatch(person.Phone, @"((\(\d{3}\) ?)|(\d{3}-))?\d{3}-\d{4}"))
        ModelState.AddModelError("Phone", "Phone number is invalid.");
    if (!Regex.IsMatch(person.Email, @"^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$"))
        ModelState.AddModelError("Email", "Email format is invalid.");
    if (!ModelState.IsValid)
        return View("Create", person);


    return RedirectToAction("Index");

Community Additions

© 2015 Microsoft