.NET Core: Type serialization denied

When trying to return with a complex object in .NET Core API, which has a Type property in it, the serializer gives the following exception :

System.NotSupportedException: Serialization and deserialization of 'System.Type' instances are not supported and should be avoided since they can lead to security issues.

Passing Type, DataSet, DataTable through the JSON or XML serializer gives possibility to remote code execution for attackers. More information available at https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/dataset-datatable-dataview/security-guidance

Workaround:
Declare an enumeration for your types (ex: enum { string, int, etc }) you can parse the value for the requested type explicitly.

This content has 3 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.