'ASP.NET Core 3.1 Web API: how to protect sensitive data from return with model?

I have a Posts model class that has a relation with Users model. When I call API to get Posts with the owner of it (user), it returns with all user info including password.

How to prevent model from returning sensitive information like passwords?

asp.net-coreserializationasp.net-core-webapiasp.net-core-3.1


Solution 1:[1]

You should create new classes that you return from your actions. Only include the fields/information you want to return. These classes are also known as Data Transfer Objects (DTO).

Solution 2:[2]

You can use [JsonIgnore] to avoid serializing the property value:

public class Users 
{
    public int Id { get; set; }
    [System.Text.Json.Serialization.JsonIgnore]
    public string Password{ get; set; }
    //...
}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 keuleJ
Solution 2 Rena

Related Questions

MongoDB BsonDocument - Serialize JSON as key-object

How to parse this json result without making class in C#

How do I serialize an object into query-string format?

Serializing a class which contains a std::string

Deserialization of reference types without parameterless constructor is not supported

A circular reference has been detected when serializing the object of class "App\Entity\User" (configured limit: 1)

How can I use serialized data in Gutenberg?

Serialization without Boost.Serialization

Laravel - Attribute casting does not cast serialised value to array

Reliable way to check if objects is serializable in JavaScript

.NET NewtonSoft JSON deserialize map to a different property name

Json.NET: how to remove assembly info from types in the resulting json string?

ModelSerializer field validation for empty string

Java Serialization/De-serialization giving null object references

PARCEL ERROR : unable to deserialize cloned data due to invalid or unsupported version