0

I am developing ASP.NET Core 2.1 REST Api with field level security, which means e.g. that each property of current user's response object is checked for adequate permission and if doesn't have it, it is not serialized to JSON response.

But for JSON request (api endpoint call) I would like to return error when user tries to send property to which he has no permission. Example:

public async Task<IActionResult> AddDevice([FromBody] DeviceViewModel deviceViewModel)
{
    // do something
}

Maybe eventually I will not use this error approach, but I need a way to distinguish DeviceViewModel properties which were send by a client in JSON - from properties which were set by BodyModelBinder to their types default values.

Is there any simple way to achieve this?

Michael Black
  • 151
  • 1
  • 4
  • My thoughts are either make them null-able or just take in the json string and look at it there. – Ryan Schlueter Nov 27 '18 at 14:32
  • You could use `MissingMemberHandling.Error` along with exception handling as shown in [How to configure JSON.net deserializer to track missing properties?](https://stackoverflow.com/a/30301003). Or you could use *XmlSerializer style Specified property support* that is described [here](https://stackoverflow.com/a/39224495/3744182)... – dbc Nov 27 '18 at 15:24
  • ... Other options are shown in [Is there a way in Json.NET serialization to distinguish between “null because not present” and “null because null”?](https://stackoverflow.com/q/29024284) and [How to distinguish between null value and value not provided in Json.Net?](https://stackoverflow.com/q/22160403). Do any of those work for you? Should your question be marked as a duplicate of any/all of them? – dbc Nov 27 '18 at 15:25

0 Answers0