0

I have created a register user endpoint in an ASP.NET Core app. For that I am using the following DTO:

namespace CommandAPI.Models
{
    using System.ComponentModel.DataAnnotations;

    public class  RegisterUserDto
    {
        [Required]
        [EmailAddress]
        public string  Email { get; set; }     

        [Required]
        public string Password { get; set; }
    }
}

If I make a https call to this endpoint with following body :

[
  {
        "Email" : "abc@email.com",
        "Password" : "abc@123#"
  }
]

The endpoint returns the following error response :

{
  "errors": {
    "": [
      "Cannot deserialize the current JSON array (e.g. [1,2,3]) into type 'CommandAPI.Models.RegisterUserDto' because the type requires a JSON object (e.g. {\"name\":\"value\"}) to deserialize correctly.\r\nTo fix this error either change the JSON to a JSON object (e.g. {\"name\":\"value\"}) or change the deserialized type to an array or a type that implements a collection interface (e.g. ICollection, IList) like List<T> that can be deserialized from a JSON array. JsonArrayAttribute can also be added to the type to force it to deserialize from a JSON array.\r\nPath '', line 1, position 1."
    ]
  },
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
  "title": "One or more validation errors occurred.",
  "status": 400,
  "traceId": "|3dcc7b94-4f57775eed318939."
}

Though the error is correct, but it contains my dto class name with namespace. How to suppress this detail in response?

I am using the following service to convert incoming json request to C# object :

services.AddControllers().AddNewtonsoftJson(s => s.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver());
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
V K
  • 1,645
  • 3
  • 26
  • 57
  • 2
    I recommend leaving it, your DTO and its namespace is not a secret but the contract of your API, the client (you) provided an input that violates the specified contract and the error shows that. – arynaq Oct 01 '21 at 07:08
  • 2
    Why do you want to suppress it? This is a validation error, not a random exception. `but it contains my dto class name with namespace.` yes. Those are part of your documentation and your Swagger schema already. If you posted `{"Email":"potato"}` you'd get a validation message saying that the `password` field is missing. The request you posted is something that's used by a registration form and any validation problems that aren't caught by the client/browser browser will have to be caught by the server and reported to the browser – Panagiotis Kanavos Oct 01 '21 at 07:16
  • Besides, if someone wants to sniff your API all they need to do is open that page and use either Fiddler or the browser's Developer Tools Network tab to inspect the requests. – Panagiotis Kanavos Oct 01 '21 at 07:20
  • If you want to be able to send the array body without an error, you should change your endpoint to accept a `List` since that is what you are sending. If you want your endpoint to accept either a single object or an array of objects, see [How to handle both a single item and an array for the same property using JSON.net](https://stackoverflow.com/q/18994685/3744182). – dbc Oct 01 '21 at 15:54
  • 1
    If you still want the error but with a different message, does [Custom error response for incorrect json. Dotnet Core Web API](https://stackoverflow.com/q/68485498/3744182) answer your question? – dbc Oct 01 '21 at 15:57
  • 1
    @dbc Yes. But I think others also have a valid point. To keep the behaviour as it is. – V K Oct 02 '21 at 14:18
  • @VK - then if you don't need an answer any more you might go ahead and [delete](https://meta.stackexchange.com/q/25088) this question. – dbc Oct 02 '21 at 16:29
  • I’m voting to close this question because the querent has indicated in comments they no longer need this question answered. – dbc Oct 02 '21 at 16:30
  • @dbc I would say let it be there. This might be useful for some else, having the same doubt. – V K Oct 05 '21 at 10:16

0 Answers0