اگر میخواید سمت اکشن هم اصلا قابل دریافت نباشه ، میتونید از Bind-Exclude استفاده کنید.
اما اگر میخواید سمت اکشن دریافت بشه ، اما در ویو قابل تغییر توسط کاربر نباشه ، میتونید از همچین چیزی استفاده کنید :

HTML Helper :

public static class HtmlExtensions
{
public static MvcHtmlString SecureHidden(this HtmlHelper htmlHelper, string name, object value)
{
return SecureHidden(htmlHelper, name, value, null);
}

public static MvcHtmlString SecureHidden(this HtmlHelper htmlHelper, string name, object value, object htmlAttributes)
{
return SecureHidden(htmlHelper, name, value, HtmlHelper.AnonymousObjectToHtmlAttributes(htmlAtt ributes));
}

private static MvcHtmlString SecureHidden(
this HtmlHelper htmlHelper,
string name,
object value = null,
IDictionary<string, object> htmlAttributes = null)
{
return SecureHiddenHelper(htmlHelper, value: value, name: name, htmlAttributes: htmlAttributes);
}

public static MvcHtmlString SecureHiddenFor<TModel, TProperty>(
this HtmlHelper<TModel> htmlHelper,
Expression<Func<TModel, TProperty>> expression,
object htmlAttributes)
{
return SecureHiddenFor(htmlHelper, expression, HtmlHelper.AnonymousObjectToHtmlAttributes(htmlAtt ributes));
}

public static MvcHtmlString SecureHiddenFor<TModel, TProperty>(
this HtmlHelper<TModel> htmlHelper,
Expression<Func<TModel, TProperty>> expression,
IDictionary<string, object> htmlAttributes = null)
{
var metadata = ModelMetadata.FromLambdaExpression(expression, htmlHelper.ViewData);

return SecureHiddenHelper(htmlHelper, metadata.Model, ExpressionHelper.GetExpressionText(expression), htmlAttributes);
}

public static MvcHtmlString DisableIf(this MvcHtmlString instance, Func<bool> expression)
{
const string disabled = ""disabled"";

if (!expression.Invoke()) return instance;

var html = instance.ToString();
html = html.Insert(html.IndexOf(">", StringComparison.Ordinal), " disabled= " + disabled);

return new MvcHtmlString(html);
}

private static MvcHtmlString SecureHiddenHelper(HtmlHelper htmlHelper,
object value,
string name,
IDictionary<string, object> htmlAttributes)
{
var binaryValue = value as Binary;

if (binaryValue != null)
value = binaryValue.ToArray();

if (value is byte[] byteArrayValue)
value = Convert.ToBase64String(byteArrayValue);

return InputHelper(htmlHelper, name, value, setId: true, format: null, htmlAttributes: htmlAttributes);
}

private static MvcHtmlString InputHelper(HtmlHelper htmlHelper,
string name,
object value,
bool setId,
string format,
IDictionary<string, object> htmlAttributes)
{
var fullName = htmlHelper.ViewContext.ViewData.TemplateInfo.GetFu llHtmlFieldName(name);

if (string.IsNullOrEmpty(fullName))
throw new ArgumentException("name");

var inputItemBuilder = new StringBuilder();

var hiddenInput = new TagBuilder("input");
hiddenInput.MergeAttributes(htmlAttributes);
hiddenInput.MergeAttribute("type", HtmlHelper.GetInputTypeString(InputType.Hidden));
hiddenInput.MergeAttribute("name", fullName, true);
hiddenInput.MergeAttribute("value", htmlHelper.FormatValue(value, format));

var hiddenInputHash = new TagBuilder("input");
hiddenInputHash.MergeAttribute("type", HtmlHelper.GetInputTypeString(InputType.Hidden));
hiddenInputHash.MergeAttribute("name", $"__{fullName}Token", true);

var identity = htmlHelper.ViewContext.HttpContext.User.Identity;

if (!string.IsNullOrEmpty(identity.Name))
value = $"{identity.Name}_{value}";

var encodedValue = Encoding.Unicode.GetBytes(htmlHelper.FormatValue(v alue, format));

hiddenInputHash.MergeAttribute(
"value",
Convert.ToBase64String(MachineKey.Protect(encodedV alue, "Protected Hidden Input Token")));

if (setId)
{
hiddenInput.GenerateId(fullName);
hiddenInputHash.GenerateId($"__{fullName}Token");
}

inputItemBuilder.Append(hiddenInput.ToString(TagRe nderMode.SelfClosing));
inputItemBuilder.Append(hiddenInputHash.ToString(T agRenderMode.SelfClosing));

return MvcHtmlString.Create(inputItemBuilder.ToString());
}
}


Validate Attribute :

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class ValidateSecureInputAttribute : FilterAttribute, IAuthorizationFilter
{
private readonly string[] _properties;

public ValidateSecureInputAttribute(params string[] properties)
{
if (properties == null || !properties.Any())
throw new ArgumentException("Secure inputs are not specified !");

_properties = properties;
}

public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException(nameof(filterContext));
}

_properties.ToList().ForEach(property => Validate(filterContext, property));
}

private static void Validate(AuthorizationContext filterContext, string property)
{
var protectedValue = filterContext.HttpContext.Request.Form[$"__{property}Token"];
var decodedValue = Convert.FromBase64String(protectedValue);

var decryptedValue = MachineKey.Unprotect(decodedValue, "Protected Hidden Input Token");

if (decryptedValue == null)
{
throw new HttpSecureHiddenInputException("A required security token was not supplied or was invalid.");
}

protectedValue = Encoding.Unicode.GetString(decryptedValue);

var originalValue = filterContext.HttpContext.Request.Form[property];

var identity = filterContext.HttpContext.User.Identity;

if (!string.IsNullOrEmpty(identity.Name))
originalValue = $"{identity.Name}_{originalValue}";

if (!protectedValue.Equals(originalValue))
throw new HttpSecureHiddenInputException("A required security token was not supplied or was invalid.");
}
}


بعد از اینکه این 2 کلاس رو اضافه کردید ، میتونید به این شکل استفاده کنید :

View :

@Html.SecureHiddenFor(model => model.ID)


Controller :

[HttpPost]
[ValidateAntiForgeryToken]
[ValidateSecureInput(nameof(Product.ID))]
public async Task<ActionResult> Edit(Product product)
{
// ...
}