I am trying to make a small web API for a course Android application project. I made a Get method that returns a list of all users and all their attributes (which I don't need, but it's OK for now since I am only testing on localhost).

The problem starts when I try to implement the Get method for just 1 user. I access /api/user?username=admin and it returns what I tell it to return, but it doesn't return it in JSON format unless I get the entire object (which is a bad idea, because what if I want to remove the password from the response?).

This is what the raw JSON file for /api/user looks like:

The Users table is USERNAME (string) : EMAIL (string) : PASSWORD (string) : UTYPE (Byte)

[{"USERNAME":"admin","EMAIL":"admin@domain","PASSWORD":"p","UTYPE":2},{"USERNAME":"merchTest","EMAIL":"[email protected]","PASSWORD":"bezzo","UTYPE":1},{"USERNAME":"onlineTestConsumer","EMAIL":"[email protected]","PASSWORD":"bezzo","UTYPE":2},{"USERNAME":"zz","EMAIL":"[email protected]","PASSWORD":"zzzz","UTYPE":2}]

Which is correct.

But this is what the raw JSON file for /api/user?username=admin looks like:

"p"

Which is obviously not right.

Here's my code for UserController.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web.Http;
using UserDataAccess;

namespace OkBoomerREST_API.Controllers
{
    [Route("api/user")]
    public class UserController : ApiController
    {
        public IEnumerable<USER> Get()
        {
            using (DB_A5061A_okboomerEntities users = new DB_A5061A_okboomerEntities())
            {
                return users.USERs.ToList();
            }    
        }

        public HttpResponseMessage Get(String username)
        {
            using (DB_A5061A_okboomerEntities users = new DB_A5061A_okboomerEntities())
            {
                HttpResponseMessage response = new HttpResponseMessage()
                {
                    Content = new StringContent(users.USERs.Where(u => u.USERNAME == username).ToList()[0].PASSWORD)
                };
                response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
                return response;
            }
        }
    }
}

What I want: the 2nd Get method to return a proper JSON object but without the password field (basically, {"USERNAME":"admin","EMAIL":"admin@domain","UTYPE":2}). How can I do that?

I am very new to anything related to web and I am doing this just to be doing my project right (but I don't have to so this isn't a 'homework question') so I'd appreciate if answers were dumbed down to my level hahaha. I am sorry if it's a kind of stupid question but I have been staring at this for 3 hours now and all the answers I find online are ASP.NET Core so I don't really know what to do here.

  • Content = new StringContent(users.USERs.Where(u => u.USERNAME == username).ToList()[0].PASSWORD) << that line looks like you are setting the content to what the Password is - meaning you're getting the password as the response. Commented Nov 28, 2019 at 0:32
  • @DanOrlovsky oh I know! I can omit the password but that's not my issue, my issue is that the output isn't in a JSON format and is just plain text (I think?) and I want to return a JSON object with all the other attributes EXCEPT the password. If it was ...[0].USERNAME I'd still have the same problem. Commented Nov 28, 2019 at 6:07
  • passwords in clear ... in 2020 almost .... do we never learn? Commented Nov 29, 2019 at 11:58
  • @AndreiDragotoniu I am a 3rd year student and this is the first time I have ever dealt with web/android dev so I am not really knowledgeable about security. I know passwords shouldn't be stored in plain text but it's a software engineering course project so I thought it shouldn't really matter. Commented Nov 30, 2019 at 19:00

1 Answer

You can create a new anonymous object

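```csharp
var userWithoutPassword = users.USERs
    .Where(u => u.USERNAME == username)
    .Select(x => new
    {
        // Project only the columns to expose; PASSWORD is left out
        x.USERNAME,
        x.EMAIL,
        x.UTYPE
    })
    .ToList();
// Serialize the projected list (JsonConvert is from Newtonsoft.Json)
Content = new StringContent(JsonConvert.SerializeObject(userWithoutPassword))
```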

Try something like this.

Another, lazier option: go through the list and replace the password with ''.


2 Comments

I am getting an error at the .Select() because Select isn't overloaded to take 0 arguments. Am I missing something?
Oops, forgot the select part.
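
An added example (not part of the answer above or of the asker's project): both Get actions projected onto an explicit response class, so PASSWORD never reaches the serializer, with a 404 when the username does not exist. `UserDto` is a hypothetical name, `UTYPE` is assumed to map to a non-nullable `byte`, and the routing attribute from the question is omitted in favour of the project's existing route configuration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using UserDataAccess;

namespace OkBoomerREST_API.Controllers
{
    // Hypothetical response type: an allow-list of the fields the API exposes.
    // PASSWORD is not a member, so it cannot be serialized by accident,
    // even if columns are later added to the USER entity.
    public class UserDto
    {
        public string USERNAME { get; set; }
        public string EMAIL { get; set; }
        public byte UTYPE { get; set; }   // assumption: non-nullable Byte column
    }

    public class UserController : ApiController
    {
        // GET /api/user
        public IEnumerable<UserDto> Get()
        {
            using (var db = new DB_A5061A_okboomerEntities())
            {
                return db.USERs
                    .Select(u => new UserDto { USERNAME = u.USERNAME, EMAIL = u.EMAIL, UTYPE = u.UTYPE })
                    .ToList();   // materialize before the context is disposed
            }
        }

        // GET /api/user?username=admin
        public IHttpActionResult Get(string username)
        {
            using (var db = new DB_A5061A_okboomerEntities())
            {
                var user = db.USERs
                    .Where(u => u.USERNAME == username)
                    .Select(u => new UserDto { USERNAME = u.USERNAME, EMAIL = u.EMAIL, UTYPE = u.UTYPE })
                    .FirstOrDefault();   // null when no row matches, instead of [0] throwing

                if (user == null)
                    return NotFound();   // 404 for an unknown username

                return Ok(user);         // Web API serializes the DTO via content negotiation
            }
        }
    }
}
```

Because the projection happens inside the query, the PASSWORD column is never selected from the database for these responses.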
