ASP.NET Hosting

What Are DTOs in ASP.NET Core and Their Benefits?

Suzan Kara

Data must frequently be moved between various areas of an application when using ASP.NET Core, such as from the database to the API or from the server to the client. Directly disclosing your database models may lead to issues like tight coupling, needless data disclosure, or security threats. DTOs (Data Transfer Objects) come in rather handy in this situation. They function as basic classes created specifically for the safe and effective transportation of data.

We will learn what DTOs are, why they are necessary, and how to utilize them efficiently in ASP.NET Core apps in plain, easy-to-understand language.

What is a DTO?

A DTO (Data Transfer Object) is basically a container of data. It’s a class that usually has only properties without any logic. Its purpose is to transfer data between different layers of an application.

  • DTOs are not database models.
  • They only include the data that you actually want to send or receive.
  • They help make applications more secure and organized.

Example of a DTO

public class UserDto
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Email { get; set; }
}

This DTO focuses only on Id, Name, and Email, even if the actual database User entity has more fields like password or internal tokens.

Data Security

One of the biggest reasons for using DTOs is security. When you expose your database models directly, you might accidentally share sensitive data such as passwords, tokens, or internal IDs with clients.

DTOs give you the control to decide exactly which fields should be exposed.

Example

// Database Entity
public class User
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Email { get; set; }
    public string PasswordHash { get; set; } // sensitive data
}

// DTO
public class UserDto
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Email { get; set; }
}

Here, the PasswordHash never reaches the client, ensuring safety.

Data Shaping

Clients often don’t need the entire entity; they only need certain fields. With DTOs, you can create a custom data shape for specific requirements.

For example, if your Product entity has 15 properties, but the client only needs the Name and Price, you can create a ProductDto:

public class ProductDto
{
    public string Name { get; set; }
    public decimal Price { get; set; }
}

This ensures that unnecessary fields (like supplier details or stock count) are not sent, making responses lighter and cleaner.

Performance Improvement

DTOs also improve application performance. By sending only the required fields, the response size becomes smaller, meaning:

  • Faster network transfer
  • Less data processing
  • Better performance on mobile and low-bandwidth networks

In large applications, this small optimization can make a huge difference for end-users.

Decoupling Layers

When you directly use database models in your API responses, any small change in your database structure can break your API. This creates a tight connection between database design and API design.

With DTOs, you keep things independent. You can change database models without affecting the API contract.

Example

  • Database model changes EmailEmailAddress
  • DTO still uses Email, so API remains consistent for clients

This decoupling makes your application flexible and future-proof.

Validation with DTOs

DTOs are also great for input validation. You can add data annotations to DTOs to validate input data before it even reaches the database.

public class RegisterUserDto
{
    [Required]
    [StringLength(50)]
    public string Name { get; set; }

    [Required]
    [EmailAddress]
    public string Email { get; set; }

    [Required]
    [MinLength(6)]
    public string Password { get; set; }
}

Here, the API will only accept valid data, preventing invalid or incomplete requests.

How to Use DTOs in ASP.NET Core

Step 1: Define DTO Classes

Create DTOs for data you want to expose or accept.

public class UserDto
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Email { get; set; }
}

Step 2: Map Entities to DTOs

You can do this manually or with libraries like AutoMapper.

Manual Mapping

public static UserDto ToDto(User user)
{
    return new UserDto
    {
        Id = user.Id,
        Name = user.Name,
        Email = user.Email
    };
}

Using AutoMapper

var config = new MapperConfiguration(cfg => cfg.CreateMap<User, UserDto>());
var mapper = config.CreateMapper();
UserDto userDto = mapper.Map<UserDto>(user);

Step 3: Use DTOs in Controllers

[HttpGet("{id}")]
public ActionResult<UserDto> GetUser(int id)
{
    var user = _context.Users.Find(id);
    if (user == null) return NotFound();

    return Ok(new UserDto
    {
        Id = user.Id,
        Name = user.Name,
        Email = user.Email
    });
}
 DTOs vs Models in ASP.NET Core
Feature DTOs Models
Purpose Transfer data between layers Represent database schema
Contains Business Logic? No Sometimes (relationships, logic)
Security Secure – hides sensitive data Risk of exposing private fields
Flexibility Can be shaped per requirement Fixed as per database design

Summary

DTOs in ASP.NET Core are simple classes used to transfer data safely and efficiently. They help prevent exposing sensitive fields, improve performance by reducing payload size, allow validation at the input stage, and keep your database models independent from your API contracts. In short, DTOs provide a clean, secure, and maintainable way to handle data across different layers of your application, making them a best practice for building professional ASP.NET Core applications.