Can't create complex model from a Post form - Navigation property is null error in HttpPost form

I have an ASP.NET MVC project with the following model:

public class Project 
{
    [Key]
    [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
    public int Id { get; set; }
    public string Title { get; set; }
    public string? Description { get; set; }
    public Helpers.Enums.Categories? Category { get; set; }

    public int UserId { get; set; }
    public User User { get; set; }

    public ICollection<Backing>? Backings { get; set; } = null!;

    [DataType(DataType.Date)]
    public DateTime DateCreated { get; set; }
    public decimal CurrentFunding { get; set; }

    [Column(TypeName = "decimal(6, 2)")]
    public decimal FinalGoal { get; set; }

    // Virtual to benefit from EF lazy loading functionality
    public virtual ICollection<ResourceURL>? ImageURLS { get; set; } = null!;
    public virtual ICollection<Reward>? Rewards { get; set; } = null!;
}

This is another model:

public class User 
{
    [Key]
    [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
    public int Id { get; set; }
    public string? FullName { get; set; }
    public string Username { get; set; }
    public string Password { get; set; }
    public string Email { get; set; }
    public ICollection<Project>? Projects { get; } = new List<Project>();
    public ICollection<Backing>? Backings { get; } = new List<Backing>();
    public int? ImageURLId { get; set; }
    public ResourceURL? ImageURL { get; set; }
    public bool HasAdminPrivileges { get; set; }
}

As you can see (ignoring the rest of the models) they are in a One to many relationship. One user can have multiple projects, but a project has a single creator user. Also the relationship is strict so a user can have no projects but a project needs a creator.

My problem comes when creating a project. This is my Create method:

public IActionResult Create([Bind("Id,Title,Description,Category,UserId,DateCreated,CurrentFunding,FinalGoal")] Project project) 
{
    if (ModelState.IsValid) 
    {
        _dbService.CreateProject(project);
    }

    return RedirectToAction("Index");
}

And here is the CreateProject method of the service I have created.

public int CreateProject(Project project) 
{
    _context.Add(project);
    return _context.SaveChanges();
}

I have seeded my database with a bunch of User objects, however when I navigate to /Create and fill in the form with the fields I get an error that 'User' is null and required. I thought EF Core would automatically find the relevant User using the UserId field but it does not. Template code from .NET does find it automatically.

What am I doing wrong ? I'm using version 7 and my database is a localdb that I have seeded in the Context file.

I have tried passing a normal Project to the Create action instead of a binding and also looking for the user before adding the Project to the database but I feel that is incorrect as every piece of code I have seen does the "mapping" of the complex objects automatically using the Ids (which act as foreign keys).

Also, I have noticed in my Create action, that ModelState.IsValid is always false so I assume the info from the post form is not correct? Even though its the default form I get when using a scaffolded item.

This is a common problem when mixing EF and MVC, and sadly there are a lot of simple examples out there that make it look like it should all just work. It helps to break it down to a question of "what would you do if this was an Ajax call and you needed to construct your entity to send to the API?"

The trouble stems from what @Model is in MVC. When a controller passes an entity as a model to a View, it is passing the entity and any eager or lazy-loadable references to the view engine to build a view to send to the client browser, not to the client browser itself. The view engine will create the respective HTML controls referencing the values from the model, and embed the Javascript necessary to perform a POST call for the Form, which extracts the form data from the controls it creates. For instance when editing a model you typically won't have a textbox or such for the row ID, so you need a hidden input to contain the ID so the Javascript can extract it to submit as part of the form data. So when it comes to related data, the view needs controls with any/all related entities to draw upon to reconstruct those as well.

So going back to how you would make an Ajax call from the client, you need to be able to find all relevant fields for the entity, including any related entities from the client HTML or Javascript objects in order to construct that entity graph to pass back to the server. If the view engine didn't construct controls, hidden or otherwise for all of that data, how is the view going to construct it?

Another way to look at it is with the controller method itself:

public IActionResult Create([Bind("Id,Title,Description,Category,UserId,DateCreated,CurrentFunding,FinalGoal")] Project project) 
{
    //...
}

... could also be written as:

public IActionResult Create(int Id, string Title,string Description, string Category, int UserId, DateTime DateCreated, decimal CurrentFunding, decimal FinalGoal) 
{
    var project = new Project
    {
        Id = Id,
        Title = Title,
        Description = Description,
        // ...
    }
    //...
}

That is in essence all the Bind expression or using an Action that accepts an Entity/DTO does when it receives data from a request. The "entity" coming in is just a constructed copy from the data that is provided. It is only as complete as the data coming in. This gets extra complicated when dealing with graphs of entities (related entities) because where we might want to insert a new project, not every reference we want to make will also be an insert. We may want to reference an existing Team or other entity. The trouble is that any entity that gets deserialized this way will be treated as a new entity to be inserted, so even if we de-serialize a related Team, we would need to explicitly attach anything we want to relate to a new Project to the DbContext otherwise EF will try inserting a new Team when we just want to reference an existing one.

Now there is one "hack" you can use to make an entire entity graph available to a view to be able to update and send back using Javascript:

var model = @Html.Raw(Json.Encode(Model))

In the Ajax example you could update this JS model then pass it to a Controller POST action to be updated. There are three reasons you should not use something like this. Firstly, this will attempt to serialize the entire object graph of the model when the view engine constructs the view. This means that if you have lazy loading enabled, every property will be touched and lazy loading if it hasn't been eager loaded. If lazy loading is disabled then anything not eager loaded will be #null. This can result in a lot of extra database calls and/or a lot more data being sent to the view, slowing down performance. The second reason is that it exposes everything about your domain to the client. Anyone inspecting your HTML and Javascript will see information they probably don't need and should never see. At a minimum it gives them information about your schema that could be valuable for attempting malicious actions. The third reason is that when you start relying on passing entity models back and forth between controller and view, you start exposing your system to malicious actions like during an update:

_context.Attach(model);
_context.Entry(model).State = EntityState.Modified;
_context.SaveChages();

Code like this trusts everything about the data coming in, and if that data comes from values in HTML controls or a serialized JS object, it can be tampered with and overwrite data you don't expect. It still has the exact same problem when it comes to referencing existing entities as well. Everything coming in is a detached, non-tracked copy of data cast as an Entity.

The best advice I can offer is to not pass entities between controllers and views. Project entities into DTOs or ViewModels that represent the data structure your view needs, and pass back a DTO/ViewModel with your POST where you load the relevant entity(ies) or create the new entity after validating the data coming in, copy those values across, and save the entity. This avoids the risk of unexpected/unintended tampering, plus it reduces the payload size travelling to and from the server.