FormatterServices.CheckTypeSecurity(Type, TypeFilterLevel) Metoda
Definicja
Ważne
Niektóre informacje odnoszą się do produktu w wersji wstępnej, który może zostać znacząco zmodyfikowany przed wydaniem. Firma Microsoft nie udziela żadnych gwarancji, jawnych lub domniemanych, w odniesieniu do informacji podanych w tym miejscu.
Określa, czy określony typ Type może być deserializowany, gdy właściwość TypeFilterLevel jest ustawiona na wartość Low.
public:
static void CheckTypeSecurity(Type ^ t, System::Runtime::Serialization::Formatters::TypeFilterLevel securityLevel);
public static void CheckTypeSecurity (Type t, System.Runtime.Serialization.Formatters.TypeFilterLevel securityLevel);
static member CheckTypeSecurity : Type * System.Runtime.Serialization.Formatters.TypeFilterLevel -> unit
Public Shared Sub CheckTypeSecurity (t As Type, securityLevel As TypeFilterLevel)
Parametry
- securityLevel
- TypeFilterLevel
Wartość właściwości TypeFilterLevel.
Wyjątki
Parametr t jest typem zaawansowanym i nie można go deserializować, gdy właściwość TypeFilterLevel jest ustawiona na wartość Low.
Przykłady
W tym przykładzie pokazano, jak używać klasy FormatterServices do serializacji lub deserializacji obiektu, którego klasa bazowa nie implementuje interfejsu ISerializable, ale klasa pochodna go implementuje.
using namespace System;
using namespace System::IO;
using namespace System::Runtime::Serialization;
using namespace System::Runtime::Serialization::Formatters;
using namespace System::Runtime::Serialization::Formatters::Binary;
using namespace System::Reflection;
using namespace System::Security::Permissions;
// Person is the serializable root of the sample hierarchy. It is marked
// [Serializable] but does not implement ISerializable.
[Serializable]
public ref class Person
{
private:
    // The field name is part of the serialized form: the sample output lists
    // this value under the name "Person+title".
    String^ title;

public:
    // Stores the given title.
    Person(String^ title)
    {
        this->title = title;
    }

    // Returns the stored title formatted as text.
    virtual String^ ToString() override
    {
        return String::Format("{0}", this->title);
    }
};
// Employee is a serializable class derived from Person. Like Person it is
// marked [Serializable] but does not implement ISerializable.
[Serializable]
public ref class Employee : public Person
{
private:
    // The field name is part of the serialized form: the sample output lists
    // this value under the name "Employee+title".
    String^ title;

public:
    // Stores the given title; the Person part always receives "Person".
    Employee(String^ title) : Person("Person")
    {
        this->title = title;
    }

    // Returns this class's title followed by the Person text.
    virtual String^ ToString() override
    {
        return String::Format("{0} -> {1}", this->title, Person::ToString());
    }
};
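// Manager is a serializable and ISerializable class derived from Employee.
// Its base classes are [Serializable] but do not implement ISerializable, so
// Manager copies their fields into and out of the SerializationInfo itself,
// using FormatterServices::GetSerializableMembers to enumerate them.
[Serializable]
ref class Manager : public Employee, public ISerializable
{
private:
    String^ title;

public:
    Manager() : Employee("Employee")
    {
        this->title = "Manager";
    }

    // Writes this object's state into info: first Manager's own title, then
    // every serializable field declared by a base class.
    // Throws ArgumentNullException when info is null.
    [SecurityPermission(SecurityAction::Demand, SerializationFormatter = true)]
    virtual void GetObjectData(SerializationInfo^ info, StreamingContext context)
    {
        // Reject a missing info object up front instead of failing with a
        // NullReferenceException on the first AddValue call.
        if (info == nullptr)
        {
            throw gcnew ArgumentNullException("info");
        }

        // Serialize the desired values for this class.
        info->AddValue("title", title);

        // Get the set of serializable members for the class and base classes.
        Type^ thisType = this->GetType();
        array<MemberInfo^>^ serializableMembers =
            FormatterServices::GetSerializableMembers(thisType, context);

        // Serialize the base class's fields to the info object.
        for each (MemberInfo^ serializableMember in serializableMembers)
        {
            // Fields declared by this class were written explicitly above.
            if (serializableMember->DeclaringType == thisType)
            {
                continue;
            }

            // Skip this field if it is marked NonSerialized.
            if (Attribute::IsDefined(serializableMember,
                NonSerializedAttribute::typeid))
            {
                continue;
            }

            // Get the value of this field and add it to the
            // SerializationInfo object.
            info->AddValue(serializableMember->Name,
                safe_cast<FieldInfo^>(serializableMember)->GetValue(this));
        }

        // Call the method below to see the contents of the
        // SerializationInfo object.
        DisplaySerializationInfo(info);
    }

private:
    // Prints every name/type/value entry held by info to the console.
    // This is demonstration output; production code should not echo
    // serialized state, which can include sensitive field values.
    static void DisplaySerializationInfo(SerializationInfo^ info)
    {
        Console::WriteLine("Values in the SerializationInfo:");
        SerializationInfoEnumerator^ entries = info->GetEnumerator();
        while (entries->MoveNext())
        {
            Console::WriteLine("Name={0}, ObjectType={1}, Value={2}",
                entries->Name, entries->ObjectType, entries->Value);
        }
    }

protected:
    // Deserialization constructor: rebuilds the object from info.
    // Throws ArgumentNullException when info is null.
    //
    // Every value read here comes from the serialized data. The base-class
    // fields are assigned through reflection, so whatever the stream holds is
    // stored without passing through the public constructors. A class with
    // invariants to protect should validate the values before accepting them.
    Manager(SerializationInfo^ info,
        StreamingContext context) : Employee(nullptr)
    {
        if (info == nullptr)
        {
            throw gcnew ArgumentNullException("info");
        }

        // Get the set of serializable members for the class and base classes.
        Type^ thisType = this->GetType();
        array<MemberInfo^>^ serializableMembers =
            FormatterServices::GetSerializableMembers(thisType, context);

        // Deserialize the base class's fields from the info object.
        for each (MemberInfo^ serializableMember in serializableMembers)
        {
            // Fields declared by this class are restored explicitly below.
            if (serializableMember->DeclaringType == thisType)
            {
                continue;
            }

            // For easier coding, treat the member as a FieldInfo object.
            FieldInfo^ fieldInformation = safe_cast<FieldInfo^>(serializableMember);

            // Skip this field if it is marked NonSerialized.
            if (Attribute::IsDefined(serializableMember,
                NonSerializedAttribute::typeid))
            {
                continue;
            }

            // Get the value of this field from the
            // SerializationInfo object.
            fieldInformation->SetValue(this,
                info->GetValue(fieldInformation->Name,
                    fieldInformation->FieldType));
        }

        // Deserialize the values that were serialized for this class.
        title = info->GetString("title");
    }

public:
    // Returns this class's title followed by the Employee text.
    virtual String^ ToString() override
    {
        return String::Format("{0} -> {1}", title, Employee::ToString());
    }
};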
// Round-trips a Manager through a BinaryFormatter and prints it before and
// after the round trip.
int main()
{
    // The stream is an in-memory buffer that this program fills itself, so
    // Deserialize below only reads data written a few lines earlier.
    // BinaryFormatter is not safe to use on data from an untrusted source.
    Stream^ buffer = gcnew MemoryStream();
    IFormatter^ binaryFormatter = gcnew BinaryFormatter();

    Manager^ original = gcnew Manager();
    Console::WriteLine(original->ToString());

    binaryFormatter->Serialize(buffer, original);

    // Rewind so that reading starts at the first serialized byte.
    buffer->Position = 0;

    Manager^ restored = safe_cast<Manager^>(binaryFormatter->Deserialize(buffer));
    Console::WriteLine(restored->ToString());
}
// This code produces the following output.
//
// Manager -> Employee -> Person
// Values in the SerializationInfo:
// Name=title, ObjectType=System.String, Value=Manager
// Name=Employee+title, ObjectType=System.String, Value=Employee
// Name=Person+title, ObjectType=System.String, Value=Person
// Manager -> Employee -> Person
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters;
using System.Runtime.Serialization.Formatters.Binary;
using System.Reflection;
// Person is the serializable root of the sample hierarchy. It is marked
// [Serializable] but does not implement ISerializable.
[Serializable]
public class Person
{
    // The field name is part of the serialized form: the sample output lists
    // this value under the name "Person+title".
    private string title;

    // Stores the given title.
    public Person(string title)
    {
        this.title = title;
    }

    // Returns the stored title formatted as text.
    public override string ToString()
    {
        return string.Format("{0}", this.title);
    }
}
// Employee is a serializable class derived from Person. Like Person it is
// marked [Serializable] but does not implement ISerializable.
[Serializable]
public class Employee : Person
{
    // The field name is part of the serialized form: the sample output lists
    // this value under the name "Employee+title".
    private string title;

    // Stores the given title; the Person part always receives "Person".
    public Employee(string title) : base("Person")
    {
        this.title = title;
    }

    // Returns this class's title followed by the Person text.
    public override string ToString()
    {
        return string.Format("{0} -> {1}", this.title, base.ToString());
    }
}
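// Manager is a serializable and ISerializable class derived from Employee.
// Its base classes are [Serializable] but do not implement ISerializable, so
// Manager copies their fields into and out of the SerializationInfo itself,
// using FormatterServices.GetSerializableMembers to enumerate them.
[Serializable]
public class Manager : Employee, ISerializable
{
    private String title;

    public Manager() : base("Employee")
    {
        this.title = "Manager";
    }

    // Writes this object's state into info: first Manager's own title, then
    // every serializable field declared by a base class.
    // Throws ArgumentNullException when info is null.
    public void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        // Reject a missing info object up front instead of failing with a
        // NullReferenceException on the first AddValue call.
        if (info == null)
        {
            throw new ArgumentNullException("info");
        }

        // Serialize the desired values for this class.
        info.AddValue("title", title);

        // Get the set of serializable members for the class and base classes.
        Type thisType = this.GetType();
        MemberInfo[] members = FormatterServices.GetSerializableMembers(thisType, context);

        // Serialize the base class's fields to the info object.
        foreach (MemberInfo member in members)
        {
            // Fields declared by this class were written explicitly above.
            if (member.DeclaringType == thisType) continue;

            // Skip this field if it is marked NonSerialized.
            if (Attribute.IsDefined(member, typeof(NonSerializedAttribute))) continue;

            // Get the value of this field and add it to the SerializationInfo object.
            info.AddValue(member.Name, ((FieldInfo) member).GetValue(this));
        }

        // Call the method below to see the contents of the SerializationInfo object.
        DisplaySerializationInfo(info);
    }

    // Prints every name/type/value entry held by info to the console.
    // This is demonstration output; production code should not echo
    // serialized state, which can include sensitive field values.
    private void DisplaySerializationInfo(SerializationInfo info)
    {
        SerializationInfoEnumerator e = info.GetEnumerator();
        Console.WriteLine("Values in the SerializationInfo:");
        while (e.MoveNext())
        {
            Console.WriteLine("Name={0}, ObjectType={1}, Value={2}", e.Name, e.ObjectType, e.Value);
        }
    }

    // Deserialization constructor: rebuilds the object from info.
    // Throws ArgumentNullException when info is null.
    //
    // Every value read here comes from the serialized data. The base-class
    // fields are assigned through reflection, so whatever the stream holds is
    // stored without passing through the public constructors. A class with
    // invariants to protect should validate the values before accepting them.
    protected Manager(SerializationInfo info, StreamingContext context) : base(null)
    {
        if (info == null)
        {
            throw new ArgumentNullException("info");
        }

        // Get the set of serializable members for the class and base classes.
        Type thisType = this.GetType();
        MemberInfo[] members = FormatterServices.GetSerializableMembers(thisType, context);

        // Deserialize the base class's fields from the info object.
        foreach (MemberInfo member in members)
        {
            // Fields declared by this class are restored explicitly below.
            if (member.DeclaringType == thisType) continue;

            // For easier coding, treat the member as a FieldInfo object.
            FieldInfo field = (FieldInfo) member;

            // Skip this field if it is marked NonSerialized.
            if (Attribute.IsDefined(member, typeof(NonSerializedAttribute))) continue;

            // Get the value of this field from the SerializationInfo object.
            field.SetValue(this, info.GetValue(field.Name, field.FieldType));
        }

        // Deserialize the values that were serialized for this class.
        title = info.GetString("title");
    }

    // Returns this class's title followed by the Employee text.
    public override String ToString()
    {
        return String.Format("{0} -> {1}", title, base.ToString());
    }
}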
// Console driver for the sample.
public sealed class App
{
    // Entry point; all of the work happens in Run.
    public static void Main()
    {
        Run();
    }

    // Round-trips a Manager through a BinaryFormatter and prints it before
    // and after the round trip.
    public static void Run()
    {
        // The stream is an in-memory buffer that this program fills itself, so
        // Deserialize below only reads data written a few lines earlier.
        // BinaryFormatter is not safe to use on data from an untrusted source.
        using (Stream buffer = new MemoryStream())
        {
            IFormatter binaryFormatter = new BinaryFormatter();

            Manager original = new Manager();
            Console.WriteLine(original.ToString());

            binaryFormatter.Serialize(buffer, original);

            // Rewind so that reading starts at the first serialized byte.
            buffer.Position = 0;

            Manager restored = (Manager) binaryFormatter.Deserialize(buffer);
            Console.WriteLine(restored.ToString());
        }
    }
}
// This code produces the following output.
//
// Manager -> Employee -> Person
// Values in the SerializationInfo:
// Name=title, ObjectType=System.String, Value=Manager
// Name=Employee+title, ObjectType=System.String, Value=Employee
// Name=Person+title, ObjectType=System.String, Value=Person
// Manager -> Employee -> Person
Uwagi
Użyj tej metody, aby określić, czy dany typ może być deserializowany, gdy właściwość TypeFilterLevel jest ustawiona na wartość Low.
Komunikacja zdalna programu .NET Framework zapewnia dwa poziomy automatycznej deserializacji: Low i Full. Poziom Low pomaga chronić przed atakami deserializacji, ponieważ deserializuje tylko typy skojarzone z najbardziej podstawowymi funkcjami komunikacji zdalnej. Poziom Full obsługuje automatyczną deserializację wszystkich typów, które komunikacja zdalna obsługuje we wszystkich sytuacjach. Aby uzyskać więcej informacji na temat typów komunikacji zdalnej programu .NET Framework obsługiwanych przez poziomy Low i Full, zobacz Automatyczna deserializacja w komunikacji zdalnej programu .NET Framework.