如何在Web API 2.2中序列化一个IdentityUser参考？ [英] How do I serialize an IdentityUser reference in Web API 2.2?

问题描述

Visual StudioWeb API项目模板包括用于处理用户的注册，身份验证和授权的端点。然而，在生产应用程序中，用户通常也会与其他实体相关联，例如：

The Visual Studio "Web API" project template includes endpoints for handling registration, authentication, and authorization of users. In a production application, however, users will typically be associated with other Entities as well, such as:

public class Post {
  public Post() {};
  public int Id { get; set; }
  public ApplicationUser User { get; set; }
}

在这些情况下， ApplicationUser class（从 IdentityUser 导出）不能被序列化。尝试这样做会产生类似于以下错误的错误：

In these scenarios, the ApplicationUser class (which is derived from IdentityUser) cannot be serialized. Attempting to do so will yield an error similar to:

'ObjectContent '1'类型无法序列化响应正文，应用/ JSON; charset = utf-8'。

The 'ObjectContent`1' type failed to serialize the response body for content type 'application/json; charset=utf-8'.

我已经看到其他地方提出的类似问题，推荐通过DTO而不是 ApplicationUser 对象。但是，这似乎是开发人员的开销。没有办法直接序列化 ApplicationUser

I've seen similar issues raised elsewhere with the recommendation to pass a DTO instead of the ApplicationUser object. That seems like a lot of developer overhead, however. Is there not a way to serialize ApplicationUser directly?

推荐答案

显然，在 IdentityUser 中可以提供不应公开暴露给其他用户的属性，例如 PasswordHash 。其他的，例如电子邮件和 PhoneNumber 可能会违反用户隐私期望，具体取决于您的API的身份验证设置。因此，应仔细评估哪些属性是不暴露的。使用DTO解决这些问题。

Obviously, there are properties available on IdentityUser which should not be publicly exposed to other users, such as PasswordHash. Others, such as Email and PhoneNumber may violate user privacy expectations depending on your API's authentication settings. As such, which properties are and are not exposed should be carefully evaluated. Using a DTO addresses these issues.

说，没有理由不能通过添加 IdentityUser 类来序列化， code> DataContractAttribute 到你继承的类：

That said, there is no reason you can't configure the IdentityUser class to be serialized by adding the DataContractAttribute to your inherited class:

[DataContract] 
public class ApplicationUser : IdentityUser {
  //...
}

您可以然后使用 DataMemberAttribute 显式地包含您要公开的任何自定义属性：

You may then explicitly include any custom properties you wish to expose using the DataMemberAttribute:

[DataMember]
public string TwitterHandle { get; set; }

如果您希望公开 UserIdentity ，你需要覆盖它们：

If you wish to expose members of UserIdentity, you'll need to override them:

[DataMember]
public override string UserName {
  get {
    return base.UserName;
  }
  set {
    base.UserName = value;
  }
}

最后，值得注意的是，这些属性将被共享任何人都可以访问端点。如果你想更详细的控制谁看到什么，然后把对象包裹在一个DTO将提供。

Finally, it's worth noting that these properties will be shared with anyone who has access to the endpoint. If you want more detailed control over who sees what then wrapping the object in a DTO will provide that.

这篇关于如何在Web API 2.2中序列化一个IdentityUser参考？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！