Help with ISerializable help file paragraph.

Rene - 18 Dec 2007 19:33 GMT
OK, I give up, the msdn help for custom serialization:

http://msdn2.microsoft.com/en-us/library/ty01x675(VS.90).aspx

Has the following paragraph on it:

-----
In addition, you should not use default serialization on a class that is
marked with the Serializable attribute and has declarative or imperative
security at the class level or on its constructors. Instead, these classes
should always implement the ISerializable interface.
-----

Why?? Could someone tell me PLEASE what the heck does this mean? Why would
having imperative security at the class level or on its constructors have
anything to do with nothing?? What kind of security is this thing talking
about?

Thank you.
Family Tree Mike - 19 Dec 2007 12:21 GMT
> OK, I give up, the msdn help for custom serialization:
>
[quoted text clipped - 15 lines]
>
> Thank you.

My guess is that this is an obtuse way of describing that XML serialization
needs a public default constructor.
Marc Gravell - 19 Dec 2007 12:41 GMT
> My guess is that this is an obtuse way of describing that XML serialization
> needs a public default constructor.

True: xml serialization *does* need a default ctor, but ISerializable
is for binary serialization (IXmlSerializable is for xml).

I don't claim to fully understand the paragraph myself - I'm just
trying to avoid a red herring...

Marc
Nicholas Paldino [.NET/C# MVP] - 19 Dec 2007 18:07 GMT
Actually, ISerializable is not for binary serialization specifically,
but the serialization engine in System.Runtime.Serialization.  This engine
will use reflection to get the internal members of a type, as opposed to Xml
serialization, which only works with the public members.  Also, the
serialization engine in System.Runtime.Serialization supports multiple
formatters (soap, binary), whereas there is only one format for XML
Serialization.

Signature

         - Nicholas Paldino [.NET/C# MVP]
         - mvp@spam.guard.caspershouse.com

>> My guess is that this is an obtuse way of describing that XML
>> serialization
[quoted text clipped - 7 lines]
>
> Marc
Nicholas Paldino [.NET/C# MVP] - 19 Dec 2007 18:09 GMT
Rene,

   What this means is that if you have declarative security attributes on
your instance, or if you are making explicit calls to the Demand method on
permission objects, you should implement ISerializable.

   The reason for this is that constructors are not called when serialized
instances are created, except when using custom serialization (ISerializable
and the constructor with the specific declaration).  Because of this, if you
have any security on the class level or constructor level, it is not applied
when deserializing instances.  In order to preserve that, you have to
declare the custom constructor and apply the declarative security there, or
make the explicit call in the constructor.

Signature

         - Nicholas Paldino [.NET/C# MVP]
         - mvp@spam.guard.caspershouse.com

> OK, I give up, the msdn help for custom serialization:
>
[quoted text clipped - 15 lines]
>
> Thank you.
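
The behaviour described in the answer above, as an added example that is not part of the original thread: it counts how many times a constructor-level demand runs while an object is deserialized, once for a class using default serialization and once for a class implementing ISerializable. It assumes .NET Framework running in full trust; `Gate`, `DefaultSerialized`, `CustomSerialized` and `ChecksDuringDeserialize` are hypothetical names, and the `UnmanagedCode` demand is only a stand-in for whatever permission a real class would require.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Security.Permissions;

static class Gate   // hypothetical helper: performs the imperative demand and counts each run
{
    public static int Checks;
    public static void Demand()
    {
        Checks++;
        new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
    }
}

[Serializable]
sealed class DefaultSerialized   // default serialization: the formatter fills fields by reflection
{
    public string Name;
    public DefaultSerialized(string name) { Gate.Demand(); Name = name; }
}

[Serializable]
sealed class CustomSerialized : ISerializable
{
    public string Name;
    public CustomSerialized(string name) { Gate.Demand(); Name = name; }
    // Special constructor: the formatter calls it on deserialization, so the demand runs here too.
    private CustomSerialized(SerializationInfo info, StreamingContext context)
    { Gate.Demand(); Name = info.GetString("Name"); }
    public void GetObjectData(SerializationInfo info, StreamingContext context)
    { info.AddValue("Name", Name); }
}

static class Program
{
    // Round-trips the object and returns how many demands ran during Deserialize only.
    static int ChecksDuringDeserialize(object value)
    {
        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream())
        {
            formatter.Serialize(stream, value);
            stream.Position = 0;
            int before = Gate.Checks;
            formatter.Deserialize(stream);
            return Gate.Checks - before;
        }
    }
    static void Main()
    {
        Console.WriteLine("default:       " + ChecksDuringDeserialize(new DefaultSerialized("a")));
        Console.WriteLine("ISerializable: " + ChecksDuringDeserialize(new CustomSerialized("b")));
    }
}
```
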
Rene - 20 Dec 2007 17:26 GMT
Thanks Nicholas!!

It all makes sense now, I think I was this >< close from figuring it out
after 2 hours of searching online obsessing for the answer. Of course, I am
sure all this formatter stuff is probably obsolete with the new .Net 3.5
framework but hey, what am I supposed to do!!

Now all I have left to do is try to figure out why the serialization special
constructor is not called "virtualized" the same way the "GetObjectData"
method is called. According to some document I read online, this used to be
the way it was done but not anymore. My guess is that it has something to do
with security?

Again, thanks for your help... by the way, I have not been able to find
bacon ice cream where I live, you must live on some obscure part of the
country :)

Thanks.

> Rene,
>
[quoted text clipped - 30 lines]
>>
>> Thank you.
