3

I have a Business class say User.cs:

[Serializable]
public class User
{
    public int UserID { get; set; }
    public string UserName { get; set; }
    public int Password { get; set; }
}

In my server side code I am writing the following code to serialize the user object in JSON format:

User user=SomeUserBLClass.GetUser(1);
Response.Write(new JavaScriptSerializer().Serialize(user));

My requirement is to hide the password being sent to the client side, i.e. I don't want the password field to come in the JSON data. Can you help me fix this?

2
  • Is password really an int? o_O Commented Nov 17, 2011 at 15:17
  • No :) just for a sample code. Commented Nov 17, 2011 at 16:48

3 Answers

7

You could add the [ScriptIgnore] attribute to Password.

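using System;
using System.Web.Script.Serialization; // provides [ScriptIgnore]

[Serializable]
public class User
{
    public int UserID { get; set; }
    public string UserName { get; set; }

    // Skipped by JavaScriptSerializer, so it never appears in the JSON output.
    [ScriptIgnore]
    public int Password { get; set; }
}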

2 Comments

Wouldn't [ScriptIgnore] achieve the same, but work on an auto property?
@David: Absolutely it would, I hadn't come across [ScriptIgnore] before, thanks. I'll change the answer so.
3

How about using an anonymous type and omitting password?

// Only the members listed here are serialized; Password is never part of the output.
Response.Write(new JavaScriptSerializer().Serialize(new { UserId = user.UserID, UserName = user.UserName }));

1 Comment

I like this solution because it forces you to think about what you really need to pass on to the client. Otherwise you'll soon enough end up in a situation where you're hiding the password, because you cared about that, but you still serialize heaps of fields that weren't really necessary.
0

Exclude the Password field entirely from the user object, and only allow internal usage of the backend version within SomeUserBLClass via methods such as ValidateUser or ChangePassword.

You don't really want any version of the password exposed to the front layer in any form - there is always the chance that the display layer throws a wobbly and dumps data to the client in some form.

Remove it from the equation, and only allow transitional access to it, and it ceases being an issue.
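
The separation this answer describes, sketched as an added example that is not part of the original thread or any poster's code: the `User` handed to the display layer has no password member at all, and the stored secret is only reachable through `ValidateUser`. `UserRecord`, `AddUser`, `Derive`, the in-memory store, and the PBKDF2 hashing with its iteration count are assumptions made for illustration; the code targets .NET Framework with C# 7.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web.Script.Serialization; // System.Web.Extensions (.NET Framework)
// Client-facing type: it has no password member, so no serializer can emit one.
public class User
{
    public int UserID { get; set; }
    public string UserName { get; set; }
}

public static class SomeUserBLClass
{
    // Hypothetical storage-side record; private, so it never reaches the display layer.
    private sealed class UserRecord { public string UserName; public byte[] Salt, Hash; }
    // Constructed in-memory store standing in for the real user table.
    private static readonly Dictionary<int, UserRecord> Store = new Dictionary<int, UserRecord>();
    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000)) // PBKDF2, example iteration count
            return kdf.GetBytes(32);
    }
    public static void AddUser(int id, string name, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Store[id] = new UserRecord { UserName = name, Salt = salt, Hash = Derive(password, salt) };
    }
    public static User GetUser(int id) =>
        Store.TryGetValue(id, out var r) ? new User { UserID = id, UserName = r.UserName } : null;
    public static bool ValidateUser(int id, string password)
    {
        if (!Store.TryGetValue(id, out var r)) return false;
        byte[] candidate = Derive(password, r.Salt);
        int diff = 0; // OR all byte differences so timing does not reveal the first mismatch
        for (int i = 0; i < candidate.Length; i++) diff |= candidate[i] ^ r.Hash[i];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        SomeUserBLClass.AddUser(1, "alice", "constructed-sample-password");
        Console.WriteLine(new JavaScriptSerializer().Serialize(SomeUserBLClass.GetUser(1)));
        Console.WriteLine(SomeUserBLClass.ValidateUser(1, "wrong-guess"));
    }
}
```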
