I'm looking for a way to validate dynamic objects. The dynamic objects are used in an internal API. I know that I can
convert to XML and use XSD for validation
convert to JSON and use Json.NET .IsValid(schema) or the Json.NET Schema package
validate each property in code like HasProperty as shown here
The XML and JSON based approaches requires serialization and deserialization and this will impact performance when used frequently. The code based validation is difficult to maintain (in particular for hierarchical objects) and can't be used easily by API consumers.
I was looking to find something similar to XSD validation but natively for dynamic objects but had no luck. I'm fine if it is limited to ExpandoObjects.
My minimum requirements:
identify missing required properties
identify properties which are not specified
allow optional properties
allow nested objects
Related
I'm currently evaluating this library from a security perspective. Since YAML can be used to serialize objects, I was wondering if the defaults provided by the parser are set such that deserialization of arbitrary objects is prevented.
Putting it differently:
What are the steps needed to allow for the creation of any type of object give a YAML string containing the definition of a specific type?
From what I could tell going through the documentation, this behaviour is not easily reproducible, since the deserializer expects a type of an object to populate with the given data.
As a second, related question: Are validation checks that are present during the creation of objects (e.g. "Age" property can not be larger than 130 and smaller than 0) or when using a getter/setter pattern being used when creating the object, or is it possible to create objects that have unexpected data inside them that way?
Given a JSON schema (given at runtime), I need a function in C# that takes a string as an argument, validates if the given string is a valid JSON object of the given schema and returns a C# serializable object.
With C# serializable object I mean an object that can be added to a ValueSet.
Problem 1:
I know, with Json.NET I can deserialize JSON objects, but this works only with classes that are defined at compilation time, whereas my JSON schema is given at runtime, so the classes are not already defined at compilation time!
Problem 2:
Json.NET is not returning serializable objects, i.e. the objects that are returned by Json.NET can not be added to a ValueSet!
While it doesn't exactly solve your problems, there may be a workaround: composition.
Create a wrapper class that implements ISerializable and has a dynamic property. Deserialize your object and store it in this property. You'll have to supply the de/serialization code for your object, but that should be straightforward: just have the JSON serializer do the work.
The trouble you're experiencing is that you're asking a library that's written as generically as possible to do something very specific. You'd have a hard time finding a library that does this. (Though I think it's a good idea, and I may add it to my type generation feature.)
(Shameless plug) Also, have you looked at Manatee.Json?
I'm trying to serialize an array of objects into JSON in C#. By array I mean something like Object[] (not Array<Object>), I'm using a JsonMediaTypeFormatter as part of MVC (the serialization is happening automatically as part of the framework but I can override it). The output contains {"count":2,"value":[{...},{...},...]}" where the ... is the json representation of the object. I've looked around and haven't found much information about suppressing this behavior. I want the output to just be the [{...},{...},...] rather than the object with count and values properties. Does anyone know how to achieve this without manually writing the code to do the serialization?
You could consider an alternative framework like the JSON.NET framework. I don't know how much you can customize if you are using an in-built .NET object since there are public properties that are not being ignored. Not using the JSONMediaTypeFormatter much, if it allows you to ignore properties, consider overriding List or ArrayList to hide certain attributes.
I would recommend not returning an array directly as there is a security flaw that could be compromised in a client browser (if that is the consumer). See this reference to find out more.
I am currently using C# WebAPI for our API.
I need to be able to serialise as either JSON or XML only certain properties on an object. What makes this harder is that we serialise the object back and forth for use in the data layer so I cannot just use the standard attributes to ignore when serialising.
I want to create a custom attribute (ApiPropertyAttribute) and then use a filter in the serialise to only return the properties with the new attribute. We only want to use the filter for WebAPI use only.
We don't want to create a new object and use mappers for maintenance reasons.
I have looked at media type formatters and converters but can't get them to do what I want.
Any help appreciated.
I'm writing a program that builds up a tree structure made up of classes that inherit from an abstract Node class. There are a number of different type of nodes built into my program. However, I also want to allow more advanced users to be able to reference my library and write their own derivations of Node. These plug-in libraries are then loaded when my app starts up through Assembly.Load(). Thus all the potential Node types used by my application will not be known until run time.
In addition, I want to be able to serialize and deserialize these trees to and from XML files. I have some experience with XMLSerializer, DataContractSerializer, and implementing IXmlSerializable. Typically, I go with DataContractSerializer as it usually requires less code then implementing IXmlSerializable, and can serialize private fields where XmlSerializer can not.
Yet with this project I also have to consider that other users will be creating classes that derive from my class, and will also have to add whatever code or attributes are required to serialize them as well.
Considering this are there reasons I should go with one serialization mechanism over another?
If the serialization and deserialization will only occur within your application, and if there is no requirement that anyone else be able to read the serialized data, then the serialization format doesn't impact the API: as far as a user of the API is concerned, you will serialize into an opaque file and deserialize from the same.
In this case, use DataContractSerializer, as it can serialize into binary if necessary.