In MVC5 how do I set the current date and user id in the view for submitting a new object

asp.net-mvc-5 c# entity-framework-6

Question

I have an entity that has a userId column from the user table and a submitted date column. When I create a new entity I would like to use

@Html.HiddenFor(m => m.submitteddate)
@Html.HiddenFor(m => m.SubmittedById, User.Identity.GetUserId())

have the current date and user id come through I tried

 @Html.HiddenFor(m => m.submitteddate, DateTime.Now.ToString())
 @Html.HiddenFor(m => m.SubmittedById, User.Identity.GetUserId())

but it did not work.

what is the best way to accomplish this? Is there another way to do it in the view or should I set the variables in the model or controller get or controller post methods?

I'm using mvc5, razor syntax with entity framework 6 and c#

Accepted Answer

Collecting my previous comments into an answer:

Setting the user ID in a hidden field in the HTML will create a security issue as the end user will be able to change the ID, thus impersonating another user.

To avoid this issue set the submitteddate and SubmittedById in your controller after post back. This way you can be certain that the values are set and are correct values.




Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Is this KB legal? Yes, learn why
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Is this KB legal? Yes, learn why