5

I have a view model:

public class RegisterModel
{
   ...
   public bool Confirmation{ get; set; }
}

I use checkbox helper on my view:

@model RegisterModel

......
@Html.CheckBoxFor(m => m.Confirmation)

This checkbox html helper creates:

<input id="Confirmation" name="Confirmation" value="true" type="checkbox">
<input name="Confirmation" value="false" type="hidden">

On Controller

[HttpPost]
[ValidateAntiForgeryToken]
    public ActionResult Register(RegisterModel model)
{
   if (!ModelState.IsValid)
                return View(model);
.....
}

Let's say some user changes values of inputs to 'xxx' and posts it. Therefore, Model is not valid and we return view. After that, Html.CheckBoxFor gives this error:

The parameter conversion from type 'System.String' to type 'System.Boolean' failed.

Inner Exception:

System.FormatException: xxx is not a valid value for Boolean

When we return view: Model.Confirmation value is false but Request["Confirmation"] value is 'xxx'.

This error comes from ValueProviderResult class on ConvertSimpleType method. I think, it tries to convert Request["Confirmation"] value to boolean and it gives error.

[SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", Justification = "Conversion failure is not fatal")]
private static object ConvertSimpleType(CultureInfo culture, object value, Type destinationType)
{

.....
    TypeConverter converter = TypeDescriptor.GetConverter(destinationType);
    bool canConvertFrom = converter.CanConvertFrom(value.GetType());
    if (!canConvertFrom)
    {
        converter = TypeDescriptor.GetConverter(value.GetType());
    }
    if (!(canConvertFrom || converter.CanConvertTo(destinationType)))
    {
        // EnumConverter cannot convert integer, so we verify manually
        if (destinationType.IsEnum && value is int)
        {
            return Enum.ToObject(destinationType, (int)value);
        }
             string message = String.Format(CultureInfo.CurrentCulture, MvcResources.ValueProviderResult_NoConverterExists,
                                           value.GetType().FullName, destinationType.FullName);
        throw new InvalidOperationException(message);
    }

.....
}

How can I fix or avoid this error?

Improve this question
12
  • 1
    This is weird. Why does CheckBoxFor create two inputs with exactly same name? Commented Dec 4, 2015 at 15:49
  • 1
    @SantiagoHernández - two inputs get created. If the checkbox is not checked, it doesn't get posted. stackoverflow.com/questions/2860940/… Commented Dec 4, 2015 at 15:56
  • 1
    Well, can't you change the value to false in case of ModelState.IsValue == false? Commented Dec 4, 2015 at 15:57
  • 1
    Thanks @ataravati I changed my model.isvalid code to if (!ModelState.IsValid) { bool confirmation = bool.TryParse(Request["Confirmation"],out confirmation); ModelState.Remove("Confirmation"); request.Confirmation = confirmation; return View(request); } But I dunno why helper tries to get value from request beside of model. Commented Dec 4, 2015 at 16:09
  • 1
    I'm saying that in order for a value other that False to be posted, a malicious user must be manipulating the value of the hidden input (e.g. posting a value using fiddler in order to try and cause you app to fail). So why not just redirect them to an error page telling them to .... Commented Dec 6, 2015 at 22:17

1 Answer 1

Reset to default
4

According to @StephenMuecke this is default behavior. You can check detailed answer

According to @ataravati we should handle this on model.IsValid==false. If model is not valid, We remove the value of checkbox and assign new one. Therefore We don't get any error when we return view.

 if (!ModelState.IsValid)
            {
                bool confirmation;

                bool.TryParse(Request["Confirmation"],out confirmation);
                ModelState.Remove("Confirmation");
                request.Confirmation = confirmation;
                return View(request);
            }

According to @StephenMuecke if checkbox input value is not boolean, the user is malicious for sure. Therefore we redirect user to another action which has tracking/blocking ip algorithm and returns 404 as a view.

  if (!ModelState.IsValid)
            {
                bool confirmation;
                if (bool.TryParse(Request["Confirmation"], out confirmation))
                    return View(request);
                return RedirectToAction("Http404", "Errors"); //This not just redirecting 404, it has also tracking/blocking ip algorithm.
            }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.