0

My old .net core 2 web api project used newtonsoft to serialise a datatable to json which I then passed back to a front end (angular) site as json ie using something along the lines of:

  1. Create a function ie public IActionResult Countries_Get(), query a sql server database and populate a new sql datatable ie DataTable dtCountries = clsDB.Execute_To_DataTable("selCountries", lstDBParams, Request);.
  2. Return the datatable from the function with a HTTPStatusCode such as Ok ie return Ok(dtCountries);

The code above no longer works in a .net 5.0 project (started fresh) with an error of System.NotSupportedException: Serialization and deserialization of 'System.Type' instances are not supported and should be avoided since they can lead to security issues. Path: $.Columns.DataType.

I've read that this is by design from Microsoft as it's insecure using the new System.Text.Json namespace, I really want to do it the right way going forward, but after hours of searching am no closer to the answer.

Can someone please advise how to do the above which does the same thing as the original application.

Cheers

SteveR
  • 11
  • 5
  • If you can, I would strongly recommend moving away from using `DataTable`, they are very old tech now, and there are many better options. But if you are stuck, you may be able to make it work by getting your project to use Newtonsoft instead of the new System.Text.Json namespace (as written in [this answer](https://stackoverflow.com/a/57652537/1663001)) – DavidG Dec 17 '20 at 15:20
  • Thanks @DavidG for the input, I'm still fairly new at web dev and as such probably not done things the right way from the off with the web api. If i were to move away from datatables which route would you suggest?...as mentioned this project is kind of a pre cursor to a much bigger one, hence I want to do it the right way, rather than the quick way. – SteveR Dec 17 '20 at 15:30
  • `DataTable` is just a legacy technology that is rarely used now. It's more common to use plain C# classes to hold objects. There are countless tutorials on how to query a database and return JSON, usually using an ORM like Entity Framework. – DavidG Dec 17 '20 at 15:32
  • Ok, I'll look at giving that a go and see if that fixes the problem and gives me a way forward. Cheers – SteveR Dec 17 '20 at 15:37

1 Answers1

-1

You seem to want to return a DataTable directly as a result. Indeed, this can lead to security problems.

Have you tried to do an intermediate mapping?

Put your DataTable properties into a new class then return this new class as result.

AtomikD3sign
  • 23
  • 3
  • Thanks @AtomikD3sign My original project was my first attempt at an Angular site which I learnt as I went, as such I tended to follow the same method of retrieving and passing data between the api and the front end, ie run a query to get the data, populate a datatable with the results, then pass that directly back to the angular front end, as such possibly not the best way. As for Intermediate mapping...I wouldn't know where to start and using my above method perhaps would result in a LOT of code change to do it differently. ie creating a new class for each type of object I want to return. – SteveR Dec 17 '20 at 15:35