0

I have a user model and there are different properties I want to be obtainable in different circumstances,

I have a WebAPI that handles the User Model, and for different actions, I need certain properties excluded.

E.g.

When I do /API/Users -> I want to omit the passwords as this will enable someone to see the hashes of all the passwords.

However I can't outright omit the passwords as the password is required by actions such as login.

What is the best solution to enable omission of certain fields depending on the circumstances?

As a work around I added this code to my API Action

       // GET: api/Users
        public List<User> GetUsers()
        {
            return db.Users.ToList().Select(u => { u.password = ""; return u; }).ToList();

        }

but surely there is a more elegant solution than this. Ideally I would like to add an annotation to the action that precludes certain properties from the result set

Max Carroll
  • 4,441
  • 2
  • 31
  • 31
  • This is very vague. It's hard to tell where exactly you need help. it could be as basic as knowing how to do projections, who knows? – Gert Arnold Sep 26 '15 at 19:37
  • I remember in one of my jobs we used includable and excludable annotations but I'm not sure what framework that was, do you know what framework they are used in? – Max Carroll Sep 26 '15 at 19:43
  • What's the content result for the user? XML? JSON? – silkfire Sep 27 '15 at 01:21

0 Answers0