Salim AL-Badi
Reputation: 133
ASP.NET Core 3.1 Web API: how to protect sensitive data from return with model?
I have a Posts model class that has a relation with Users model.
When I call API to get Posts with the owner of it (user), it returns with all user info including password.
How to prevent model from returning sensitive information like passwords?
Upvotes: 1
Views: 129
Answers (2)
Rena
Reputation: 36605
You can use [JsonIgnore] to avoid serializing the property value:
public class Users
{
public int Id { get; set; }
[System.Text.Json.Serialization.JsonIgnore]
public string Password{ get; set; }
//...
}
Upvotes: 0
keuleJ
Reputation: 3486
You should create new classes that you return from your actions. Only include the fields/information you want to return. These classes are also known as Data Transfer Objects (DTO).
Upvotes: 1
Related Questions
- prevent property from being serialized in web API
- ASP.NET Core Data Protection API with Angular Front End
- How prevent some class properties from being returned from Web API?
- Using WebAPI and returning model
- How to secure a restful webapi core
- How to prevent web API from serializing my model from JSON to string
- How to protect a Web API using ASP.NET 5 MVC 6
- Protect sensitive data with REST Web Api
- How can I encrypt the returned Json from an WebAPI controller
- Best practice to protect model after post in MVC3