SerializationBinder SerializationBinder SerializationBinder SerializationBinder Class

Definition

Ermöglicht es Benutzern, das Laden von Klassen zu überwachen und zu bestimmen, welche Klasse geladen werden soll.Allows users to control class loading and mandate what class to load.

public ref class SerializationBinder abstract
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public abstract class SerializationBinder
type SerializationBinder = class
Public MustInherit Class SerializationBinder
Vererbung
SerializationBinderSerializationBinderSerializationBinderSerializationBinder
Attribute

Beispiele

using namespace System;
using namespace System::IO;
using namespace System::Runtime::Serialization;
using namespace System::Runtime::Serialization::Formatters::Binary;
using namespace System::Reflection;
using namespace System::Security::Permissions;
ref class Version1ToVersion2DeserializationBinder;

[Serializable]
ref class Version1Type
{
public:
   Int32 x;
};


[Serializable]
ref class Version2Type: public ISerializable
{
public:
   Int32 x;
   String^ name;

   // The security attribute demands that code that calls  
   // this method have permission to perform serialization.

   [SecurityPermissionAttribute(SecurityAction::Demand,SerializationFormatter=true)]
   virtual void GetObjectData( SerializationInfo^ info, StreamingContext context )
   {
      info->AddValue( "x", x );
      info->AddValue( "name", name );
   }


private:

   // The security attribute demands that code that calls  
   // this method have permission to perform serialization.

   [SecurityPermissionAttribute(SecurityAction::Demand,SerializationFormatter=true)]
   Version2Type( SerializationInfo^ info, StreamingContext context )
   {
      x = info->GetInt32( "x" );
      try
      {
         name = info->GetString( "name" );
      }
      catch ( SerializationException^ ) 
      {
         // The 'name' field was not serialized because Version1Type 
         // did not contain this field.
         // We will set this field to a reasonable default value.
         name =  "Reasonable default value";
      }
   }
};

ref class Version1ToVersion2DeserializationBinder sealed: public SerializationBinder
{
public:
   virtual Type^ BindToType( String^ assemblyName, String^ typeName ) override
   {
      Type^ typeToDeserialize = nullptr;

      // For each assemblyName/typeName that you want to deserialize to
      // a different type, set typeToDeserialize to the desired type.
      String^ assemVer1 = Assembly::GetExecutingAssembly()->FullName;
      String^ typeVer1 =  "Version1Type";
      if ( assemblyName->Equals( assemVer1 ) && typeName->Equals( typeVer1 ) )
      {
         // To use a type from a different assembly version, 
         // change the version number using the following line of code.
         // assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0");
         // To use a different type from the same assembly, 
         // change the type name.
         typeName =  "Version2Type";
      }

      // The following line of code returns the type.
      typeToDeserialize = Type::GetType( String::Format(  "{0}, {1}", typeName, assemblyName ) );
      return typeToDeserialize;
   }
};

ref class App
{
public:
   static void Serialize()
   {
      // To serialize the objects, you must first open a stream for writing. 
      // We will use a file stream here.
      FileStream^ fs = gcnew FileStream( "DataFile.dat",FileMode::Create );
      try
      {
         // Construct a BinaryFormatter and use it 
         // to serialize the data to the stream.
         BinaryFormatter^ formatter = gcnew BinaryFormatter;

         // Construct a Version1Type Object and serialize it.
         Version1Type^ obj = gcnew Version1Type;
         obj->x = 123;
         formatter->Serialize( fs, obj );
      }
      catch ( SerializationException^ e ) 
      {
         Console::WriteLine( "Failed to serialize. Reason: {0}", e->Message );
         throw;
      }
      finally
      {
         fs->Close();
      }
   }

   static void Deserialize()
   {
      // Declare the Version2Type reference.
      Version2Type^ obj = nullptr;

      // Open the file containing the data that we want to deserialize.
      FileStream^ fs = gcnew FileStream( "DataFile.dat",FileMode::Open );
      try
      {
         // Construct a BinaryFormatter and use it 
         // to deserialize the data from the stream.
         BinaryFormatter^ formatter = gcnew BinaryFormatter;

         // Construct an instance of our 
         // Version1ToVersion2TypeSerialiationBinder type.
         // This Binder type knows how to deserialize a Version1Type  
         // Object* to a Version2Type Object.
         formatter->Binder = gcnew Version1ToVersion2DeserializationBinder;
         obj = dynamic_cast<Version2Type^>(formatter->Deserialize( fs ));
      }
      catch ( SerializationException^ e ) 
      {
         Console::WriteLine( "Failed to deserialize. Reason: {0}", e->Message );
         throw;
      }
      finally
      {
         fs->Close();
      }

      // To prove that a Version2Type Object* was deserialized, 
      // display the Object's type and fields to the console.
      Console::WriteLine( "Type of Object deserialized: {0}", obj->GetType() );
      Console::WriteLine( "x = {0}, name = {1}", obj->x, obj->name );
   }
};

[STAThread]
int main()
{
   App::Serialize();
   App::Deserialize();
   return 0;
}
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Reflection;
using System.Security.Permissions;


class App 
{
    [STAThread]
    static void Main() 
    {
        Serialize();
        Deserialize();
    }

    static void Serialize() 
    {
        // To serialize the objects, you must first open a stream for writing. 
        // Use a file stream here.
        FileStream fs = new FileStream("DataFile.dat", FileMode.Create);

        try 
        {
            // Construct a BinaryFormatter and use it 
            // to serialize the data to the stream.
            BinaryFormatter formatter = new BinaryFormatter();

            // Construct a Version1Type object and serialize it.
            Version1Type obj = new Version1Type();
            obj.x = 123;
            formatter.Serialize(fs, obj);
        }
        catch (SerializationException e) 
        {
            Console.WriteLine("Failed to serialize. Reason: " + e.Message);
            throw;
        }
        finally 
        {
            fs.Close();
        }
    }

   
    static void Deserialize() 
    {
        // Declare the Version2Type reference.
        Version2Type obj = null;

        // Open the file containing the data that you want to deserialize.
        FileStream fs = new FileStream("DataFile.dat", FileMode.Open);
        try 
        {
            // Construct a BinaryFormatter and use it 
            // to deserialize the data from the stream.
            BinaryFormatter formatter = new BinaryFormatter();

            // Construct an instance of our the
            // Version1ToVersion2TypeSerialiationBinder type.
            // This Binder type can deserialize a Version1Type  
            // object to a Version2Type object.
            formatter.Binder = new Version1ToVersion2DeserializationBinder();

            obj = (Version2Type) formatter.Deserialize(fs);
        }
        catch (SerializationException e) 
        {
            Console.WriteLine("Failed to deserialize. Reason: " + e.Message);
            throw;
        }
        finally 
        {
            fs.Close();
        }

        // To prove that a Version2Type object was deserialized, 
        // display the object's type and fields to the console.
        Console.WriteLine("Type of object deserialized: " + obj.GetType());
        Console.WriteLine("x = {0}, name = {1}", obj.x, obj.name);
    }
}


[Serializable]
class Version1Type 
{
    public Int32 x;
}


[Serializable]
class Version2Type : ISerializable 
{
    public Int32 x;
    public String name;
   
    // The security attribute demands that code that calls
    // this method have permission to perform serialization.
    [SecurityPermissionAttribute(SecurityAction.Demand,SerializationFormatter=true)]
    void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context) 
    {
        info.AddValue("x", x);
        info.AddValue("name", name);
    }

    // The security attribute demands that code that calls  
    // this method have permission to perform serialization.
    [SecurityPermissionAttribute(SecurityAction.Demand,SerializationFormatter=true)]
    private Version2Type(SerializationInfo info, StreamingContext context) 
    {
        x = info.GetInt32("x");
        try 
        {
            name = info.GetString("name");
        }
        catch (SerializationException) 
        {
            // The "name" field was not serialized because Version1Type 
            // did not contain this field.
            // Set this field to a reasonable default value.
            name = "Reasonable default value";
        }
    }
}


sealed class Version1ToVersion2DeserializationBinder : SerializationBinder 
{
    public override Type BindToType(string assemblyName, string typeName) 
    {
        Type typeToDeserialize = null;

        // For each assemblyName/typeName that you want to deserialize to
        // a different type, set typeToDeserialize to the desired type.
        String assemVer1 = Assembly.GetExecutingAssembly().FullName;
        String typeVer1 = "Version1Type";

        if (assemblyName == assemVer1 && typeName == typeVer1) 
        {
            // To use a type from a different assembly version, 
            // change the version number.
            // To do this, uncomment the following line of code.
            // assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0");

            // To use a different type from the same assembly, 
            // change the type name.
            typeName = "Version2Type";
        }

        // The following line of code returns the type.
        typeToDeserialize = Type.GetType(String.Format("{0}, {1}", 
            typeName, assemblyName));

        return typeToDeserialize;
    }
}
Imports System.IO
Imports System.Runtime.Serialization
Imports System.Runtime.Serialization.Formatters.Binary
Imports System.Reflection
Imports System.Security.Permissions

Class App
   <STAThread()> Shared Sub Main()
      Serialize()
      Deserialize()
   End Sub


   Shared Sub Serialize()
      ' To serialize the objects, you must first open a stream for writing. 
      ' Use a file stream here.
      Dim fs As New FileStream("DataFile.dat", FileMode.Create)

      Try
         ' Construct a BinaryFormatter and use it 
         ' to serialize the data to the stream.
         Dim formatter As New BinaryFormatter

         ' Construct a Version1Type object and serialize it.
         Dim obj As New Version1Type
         obj.x = 123
         formatter.Serialize(fs, obj)
      Catch e As SerializationException
         Console.WriteLine("Failed to serialize. Reason: " & e.Message)
         Throw
      Finally
         fs.Close()
      End Try
   End Sub


   Shared Sub Deserialize()
      ' Declare the Version2Type reference.
      Dim obj As Version2Type = Nothing

      ' Open the file containing the data that you want to deserialize.
      Dim fs As New FileStream("DataFile.dat", FileMode.Open)
      Try
         ' Construct a BinaryFormatter and use it 
         ' to deserialize the data from the stream.
         Dim formatter As New BinaryFormatter

         ' Construct an instance of the 
         ' Version1ToVersion2TypeSerialiationBinder type.
         ' This Binder type can deserialize a Version1Type  
         ' object to a Version2Type object.
         formatter.Binder = New Version1ToVersion2DeserializationBinder

         obj = DirectCast(formatter.Deserialize(fs), Version2Type)
      Catch e As SerializationException
         Console.WriteLine("Failed to deserialize. Reason: " & e.Message)
         Throw
      Finally
         fs.Close()
      End Try

      ' To prove that a Version2Type object was deserialized, 
      ' display the object's type and fields to the console.
      Console.WriteLine("Type of object deserialized: {0}", obj.GetType())
      Console.WriteLine("x = {0}, name = {1}", obj.x, obj.name)
   End Sub
End Class


<Serializable()> Class Version1Type
   Public x As Int32
End Class


<Serializable()> Class Version2Type
   Implements ISerializable
   Public x As Int32
   Public name As String

   ' The security attribute demands that code that calls  
   ' this method have permission to perform serialization.
   <SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter:=True)> _
   Private Sub GetObjectData(ByVal info As SerializationInfo, _
         ByVal context As StreamingContext) Implements ISerializable.GetObjectData
      info.AddValue("x", x)
      info.AddValue("name", name)
   End Sub

   ' The security attribute demands that code that calls  
   ' this method have permission to perform serialization.
   <SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter:=True)> _
   Private Sub New(ByVal info As SerializationInfo, _
         ByVal context As StreamingContext)
      x = info.GetInt32("x")
      Try
         name = info.GetString("name")
      Catch e As SerializationException
         ' The "name" field was not serialized because 
         ' Version1Type did not contain this field.
         ' Set this field to a reasonable default value.
         name = "Reasonable default value"
      End Try
   End Sub
End Class


NotInheritable Class Version1ToVersion2DeserializationBinder
   Inherits SerializationBinder
   Public Overrides Function BindToType(ByVal assemblyName As String, _
         ByVal typeName As String) As Type

      Dim typeToDeserialize As Type = Nothing

      ' For each assemblyName/typeName that you want to deserialize
      ' to a different type, set typeToDeserialize to the desired type.
      Dim assemVer1 As String = [Assembly].GetExecutingAssembly().FullName
      Dim typeVer1 As String = GetType(Version1Type).FullName

      If assemblyName = assemVer1 And typeName = typeVer1 Then
         ' To use a type from a different assembly version, 
         ' change the version number.
         ' To do this, uncomment the following code.
         ' assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0")

         ' To use a different type from the same assembly, 
         ' change the type name.
         typeName = typeName.Replace("Version1Type", "Version2Type")
      End If

      ' The following code returns the type.
      typeToDeserialize = Type.GetType(String.Format("{0}, {1}", typeName, _
                                       assemblyName))

      Return typeToDeserialize
   End Function
End Class

Hinweise

Ein Formatierungsprogramm überträgt während der Serialisierung die Informationen, die zum Erstellen einer Instanz eines Objekts mit dem korrekten Typ und der korrekten Version erforderlich sind.During serialization, a formatter transmits the information required to create an instance of an object of the correct type and version. Diese Informationen enthalten i. d. R. den vollständigen Typ- und Assemblynamen des Objekts.This information generally includes the full type name and assembly name of the object. Der Assemblyname enthält den Namen, die Version und den starken Namen (siehe Assemblys mit starkem Namen) der Assembly.The assembly name includes the name, version, and strong name (see Strong-Named Assemblies) hash of the assembly. In der Standardeinstellung wird bei der Deserialisierung anhand dieser Informationen eine Instanz eines identischen Objekts erstellt. Das Laden durch Sicherheitsrichtlinien eingeschränkter Assemblys bildet hierbei eine Ausnahme.By default, deserialization uses this information to create an instance of an identical object (with the exception of any assembly loading restricted by the security policy). Einige Benutzer müssen möglicherweise steuern können, welche Klasse geladen wird, entweder weil die Klasse von einer Assembly zu einer anderen verschoben wurde oder weil auf dem Client und dem Server jeweils eine andere Version der Klasse erforderlich ist.Some users need to control which class to load, either because the class has moved between assemblies or a different version of the class is required on the server and client.

SerializationBinderkann auch für die Sicherheit verwendet werden.SerializationBinder can also be used for security. Es gibt möglicherweise einige Sicherheitslücken, wenn Sie versuchen, einige Daten aus einer nicht vertrauenswürdigen Quelle zu deserialisieren.There might be some security exploits when you are trying to deserialize some data from an untrusted source. Der Binder bietet Ihnen die Möglichkeit, zu überprüfen, welche Typen in Ihrer Anwendungsdomäne geladen werden.The binder gives you an opportunity to inspect what types are being loaded in your application domain. Sie können dann entweder die Liste der verweigerten Typen oder eine Liste zulässiger Typen verwalten und einschränken, welche Typen geladen und instanziiert werden.You can then either maintain list of denied types or a list of allowed types and restrict which types are being loaded and instantiated. Außerdem sollten Sie berücksichtigen, welche Informationen bei der Übertragung ausgegeben werden, und Sie können die Transport-oder Nachrichten Sicherheit beim Senden von Typnamen oder anderen Daten über das Netzwerk sichern (Transport-oder Nachrichten Sicherheit).In addition you should be mindful of what information is being put out on the wire, you may want to secure (use transport or message security) when sending type names or other data on the wire.

Warnung

Verwenden SerializationBinder Sie nur, wenn Sie vollständig sicher sind, welche Informationen serialisiert werden.Only use SerializationBinder if you are completely sure of what information is being serialized. Schädliche Typen können zu unerwartetem Verhalten führen.Malicious types can cause unexpected behavior.

Dies ist eine abstrakte Basisklasse.This is an abstract base class. Alle Binder erweitern diese Klasse.All binders extend this class.

Hinweise für Vererber

Wenn Sie von SerializationBinder erben, müssen Sie folgenden Member überschreiben: BindToType(String, String).When you inherit from SerializationBinder, you must override the following member: BindToType(String, String).

Konstruktoren

SerializationBinder() SerializationBinder() SerializationBinder() SerializationBinder()

Initialisiert eine neue Instanz der SerializationBinder-Klasse.Initializes a new instance of the SerializationBinder class.

Methoden

BindToName(Type, String, String) BindToName(Type, String, String) BindToName(Type, String, String) BindToName(Type, String, String)

Steuert beim Überschreiben in einer abgeleiteten Klasse die Bindung eines serialisierten Objekts an einen Typ.When overridden in a derived class, controls the binding of a serialized object to a type.

BindToType(String, String) BindToType(String, String) BindToType(String, String) BindToType(String, String)

Steuert beim Überschreiben in einer abgeleiteten Klasse die Bindung eines serialisierten Objekts an einen Typ.When overridden in a derived class, controls the binding of a serialized object to a type.

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

Bestimmt, ob das angegebene Objekt mit dem aktuellen Objekt identisch ist.Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode() GetHashCode() GetHashCode() GetHashCode()

Fungiert als Standardhashfunktion.Serves as the default hash function.

(Inherited from Object)
GetType() GetType() GetType() GetType()

Ruft den Type der aktuellen Instanz ab.Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

Erstellt eine flache Kopie des aktuellen Object.Creates a shallow copy of the current Object.

(Inherited from Object)
ToString() ToString() ToString() ToString()

Gibt eine Zeichenfolge zurück, die das aktuelle Objekt darstellt.Returns a string that represents the current object.

(Inherited from Object)

Gilt für:

Siehe auch