2

I would like to be able to expose a list of users using WebAPI 2. However since I am using the new Asp.Net Authentication framework in MVC5, I can't seem to find a way to only mark specific fields as DataMembers.

Here's what I have:

```csharp
[DataContract]
public class ApplicationUser : IdentityUser {
    public Nullable<DateTime> birthday { get; set; }
    [DataMember]
    public int tolerance { get; set; }
    [DataMember]
    public string twitter { get; set; }
}
```

However, that doesn't seem to work because IdentityUser doesn't have the [DataContract] attribute. I've tried creating a custom IdentityUser, but I haven't been able to build after creating a custom copy of IdentityUser.

Any tips or workarounds here? I'd prefer not to have to create a ViewModel, unless that's the current best practice.

Hao Kung
JustMaier
  • Turns out using a ViewModel is definitely the best practice when it comes to WebAPI. If you really want to avoid the ViewModel, do what @Illuminati said in his answer. – JustMaier Feb 06 '17 at 17:20

3 Answers

3

I know this is an old question and I stumbled upon it when I was trying to achieve the same thing. Here's what I ended up doing. You could override your properties and mark them as [JsonIgnore] so that they won't get serialised automatically.

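```csharp
using Microsoft.AspNet.Identity.EntityFramework;
using Newtonsoft.Json;

public class ApplicationUser : IdentityUser
{
    public UserType UserType { get; set; }

    // Override the inherited property only to attach [JsonIgnore]; Json.NET then skips it.
    [JsonIgnore]
    public override string PasswordHash
    {
        get { return base.PasswordHash; }
        set { base.PasswordHash = value; }
    }
}
```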
Illuminati
  • Thanks @Illuminati, this would have been the answer I was looking for. That said, this is not the best practice and sending the whole model in WebAPI is probably not usually the best idea. – JustMaier Feb 06 '17 at 17:21
  • I agree this is not the best. But when you are doing a small POC, and you want to transfer things in ApplicationUser object - you really don't want to add the complexity of AutoMapper or creating ViewModels – Illuminati Feb 06 '17 at 23:03
2

You probably should just send a different object with the user info you need as opposed to serializing the user object.

Hao Kung
1

What formatter do you want to use? I don't see any issue with the default JSON formatter. But the XML serializer requires the base class to be a DataContract as well.

A view model is always the best practice here, although most of the samples for Web API use the data entity for simplicity. The two models are separate concerns. The view model represents the contract of your API and the data model represents your domain concept. Combining the two models into one can impact your design decisions or, even more seriously, can cause security issues. Using the data entity may expose unexpected data to the user. For example, different formatters have different rules to control the exposure of the model. JsonIgnore doesn't work in the XML formatter. It will be more complicated if you have a custom formatter. Especially for the identity user entity, which has many sensitive properties like the password hash and security stamp. I won't recommend you expose it to the public.

BTW, there are many mapper tools that can help to simplify the mapping from domain model to view model. You may need them: http://www.nuget.org/packages?q=mapper

Hongye Sun
  • I'll be using JSON, but I needed to JSONIgnore properties on `IdentityUser` but I can't modify or replicate it... Now that I know that the best practice is to create a view model, I'll create a view model and use [AutoMapper](http://www.nuget.org/packages/AutoMapper) to map to the view model using the info from [this question](http://stackoverflow.com/a/4285596/616888). – JustMaier Oct 22 '13 at 20:31
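The view-model approach recommended in the answers above, as an added example that is not code from any of the posters. `IdentityUser` here is a reduced stand-in for the framework class, and `UserViewModel`, `From` and `ToXml` are hypothetical names; `ToXml` uses `DataContractSerializer`, which Web API's XML formatter uses by default, to show that the entity leaks `PasswordHash` and `SecurityStamp` while the view model cannot.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Text;

// Stand-in for the Identity framework's IdentityUser (assumption: reduced to three members).
public class IdentityUser
{
    public virtual string UserName { get; set; }
    public virtual string PasswordHash { get; set; }
    public virtual string SecurityStamp { get; set; }
}

public class ApplicationUser : IdentityUser
{
    public int tolerance { get; set; }
    public string twitter { get; set; }
}

// Hypothetical view model: an allow-list of what the API returns. A property added
// to the entity later stays private until it is added here on purpose.
[DataContract(Name = "User", Namespace = "")]
public class UserViewModel
{
    [DataMember] public string UserName { get; set; }
    [DataMember] public int Tolerance { get; set; }
    [DataMember] public string Twitter { get; set; }
    public static UserViewModel From(ApplicationUser u) =>
        new UserViewModel { UserName = u.UserName, Tolerance = u.tolerance, Twitter = u.twitter };
}

public static class Program
{
    public static string ToXml(object o)
    {
        var ms = new MemoryStream();
        new DataContractSerializer(o.GetType()).WriteObject(ms, o);
        return Encoding.UTF8.GetString(ms.ToArray());
    }
    public static void Main()
    {
        // Constructed sample user; the hash and stamp are dummy strings.
        var user = new ApplicationUser { UserName = "alice", PasswordHash = "DUMMY-HASH",
            SecurityStamp = "DUMMY-STAMP", tolerance = 3, twitter = "@alice" };
        Console.WriteLine(ToXml(user));                     // entity: all public properties, hash included
        Console.WriteLine(ToXml(UserViewModel.From(user))); // view model: only the three DataMembers
    }
}
```

Because Json.NET also honours `[DataContract]`/`[DataMember]`, the same view model gives the same field set under the JSON formatter, so the exposure no longer depends on which formatter content negotiation picks.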