3 minutes
Handling Nullable References with Deserialization in .NET 9
.NET 9 introduced many features, including long-awaited improvements for JSON deserialization. These updates enhance handling nullable types, which helps avoid common issues like NullReferenceException
.
Over the years, C# has provided tools to manage nullability, such as enabling nullable annotations and using the required
modifier. However, deserialization often bypassed these safeguards. Let’s explore how .NET 9 addresses this problem.
Nullable reference types
Before C# 8.0, NullReferenceException
errors were common, especially with uninitialized strings. A string without a value defaults to null
, creating potential runtime issues. Developers often assigned default values to avoid exceptions, but these solutions lacked visibility.
With C# 8.0, nullable reference types were introduced to improve safety by detecting null references. Enabling this feature requires adding <Nullable>enable</Nullable>
to your project file.
Once enabled, the compiler issues warnings about potentially uninitialized properties. For example, the class below triggers warnings for FirstName
and LastName
, as there is no constructor to initialize them:
class Person
{
public string FirstName { get; set; }
public string LastName { get; set; }
}
To resolve these warnings, you can provide a default value or mark the property as optional:
class Person
{
public string FirstName { get; set; } = ""; // Default value ensures it's never null
public string? LastName { get; set; } // Optional, can still be null
}
The required
modifier
Setting default values isn’t always ideal. In C# 11, the required
modifier was introduced to enforce property initialization during object creation. A required
property must be set, or the code won’t compile.
Setting a default value isn’t always what we want. In C# 11 the required modifier was introduced which allows us to say “you cannot create a new object of this class, without at least specifying these fields/properties”. It allows us to get rid of the default value and now prevents code compilation if a required property isn’t being set.
class Person
{
public required string FirstName { get; set; }
public required string LastName { get; set; }
}
// --- Example
var person = new Person
{
FirstName = "John"
}; // Compilation error: 'LastName' is required
This modifier ensures objects are properly initialized.
The problem with deserialization
By default, System.Text.Json ignores nullability when deserializing objects. Consider the example below:
class Person
{
public required string FirstName { get; set; }
public required string LastName { get; set; }
}
// ---
var json = "{\"firstName\":\"John\", \"lastName\":null}";
var person = JsonSerializer.Deserialize<Person>(json, options: JsonSerializerOptions.Web);
Console.WriteLine($"Person: {person.FirstName} {person.LastName}"); // Output: "Person: John "
person.LastName.ToUpper(); // Throws NullReferenceException
The deserializer creates a Person
object with LastName
set to null
, even though this would not be possible with direct initialization. This behavior undermines the protections provided by nullable reference types and required
modifiers.
Respecting Nullable Annotations in .NET 9
.NET 9 addresses this issue with the RespectNullableAnnotationsDefault
feature. This opt-in feature enforces nullability rules during deserialization, ensuring invalid objects aren’t created. Since it introduces breaking changes, it’s disabled by default but recommended for new projects.
Here’s the updated behavior:
class Person
{
public required string FirstName { get; set; }
public required string LastName { get; set; }
}
// ---
var json = "{\"firstName\":\"John\", \"lastName\":null}";
var person = JsonSerializer.Deserialize<Person>(json, options: JsonSerializerOptions.Web);
// Throws JsonException: "The property or field 'lastName' on type 'Person' doesn't allow setting null values"
Enabling RespectNullableAnnotationsDefault
To enable this feature globally, add the following to your project file:
<ItemGroup>
<RuntimeHostConfigurationOption Include="System.Text.Json.Serialization.RespectNullableAnnotationsDefault" Value="true" />
</ItemGroup>
Alternatively, enable it for specific calls:
JsonSerializerOptions options = new() { RespectNullableAnnotations = true };
JsonSerializer.Deserialize<Person>(json, options: options);
Conclusion
With .NET 9’s RespectNullableAnnotationsDefault
option, developers can better enforce property validity during deserialization. These improvements complement existing nullability tools.
References
If you want to read more about changes to system.text.json in .NET 9 or nullable references in general, please check out the following links: