Home/ Questions/Q 9132609
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T08:20:22+00:00

I have ApiConroller with method looking like that: [HttpGet] public IEnumerable<MyValue> Values() { return

  • 0

I have ApiConroller with method looking like that:

[HttpGet]
public IEnumerable<MyValue> Values()
{
     return db.MyValues.ToList();
}

It returns a JSON array. I use jQuery to get results. How do I keep that array from being hijacked, smth like autonesting, etc.?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can do it in a generic way.

    Add the following class:

    public class SecureJsonMediaTypeFormatter : JsonMediaTypeFormatter
{
    public override System.Threading.Tasks.Task WriteToStreamAsync(Type type, object value, System.IO.Stream writeStream, HttpContent content, TransportContext transportContext)
    {
        if ((typeof (IEnumerable).IsAssignableFrom(type)))
        {
            value = new {result = value};
        }
        return base.WriteToStreamAsync(type, value, writeStream, content, transportContext);
    }
}

    And now, in your WebApiConfig replace the default JSonMediaTypeFormatter with this new one:

        config.Formatters.RemoveAt(0);
    config.Formatters.Insert(0, new SecureJsonMediaTypeFormatter());

    Now you can return any IEnumerable you wish, like you originally did, i.e.

    [HttpGet]
public IEnumerable<MyValue> Values()
{
     return db.MyValues.ToList();
}

    And the SecureJsonMEdiaTypeFormatter will intercept it, and wrap in an anonymous object, under result property:

    {
    "result": [
        {
            "name": "Toronto Maple Leafs",
            "league": "NHL"
        },
        {
            "name": "Montreal Canadiens",
            "league": "NHL"
        }
    ]
}
    • 0