If I send a ViewModel to a view and want to use some of the values in the ViewModel on a subsequent post, what is the best method for storing values so they may be bound back to the ViewModel being passed to the POST method after any data has been added/edited? I have seen HiddenFields proposed, but aren't there security risks with using that approach?
Thanks in advance!
HTML inputs, in general, are your only option, hidden or otherwise. As far a security risks go, the only possible problem is that the values of these inputs can be changed; even if you use hidden inputs, an enterprising user can use the developer tools of their browser to change the values. However, any thing you post ever, hidden inputs or not, should always be sanitized. Therefore, there's no security risks this poses that any form submission ever wouldn't also pose.