FormatterServices.CheckTypeSecurity(Type, TypeFilterLevel) Method

Definition

Determines whether the specified Type can be deserialized with the TypeFilterLevel property set to Low.

public:
 static void CheckTypeSecurity(Type ^ t, System::Runtime::Serialization::Formatters::TypeFilterLevel securityLevel);
public static void CheckTypeSecurity (Type t, System.Runtime.Serialization.Formatters.TypeFilterLevel securityLevel);
static member CheckTypeSecurity : Type * System.Runtime.Serialization.Formatters.TypeFilterLevel -> unit
Public Shared Sub CheckTypeSecurity (t As Type, securityLevel As TypeFilterLevel)

Parameters

t
Type

The Type to check for the ability to deserialize.

securityLevel
TypeFilterLevel

The TypeFilterLevel property value.

Exceptions

The t parameter is an advanced type and cannot be deserialized when the TypeFilterLevel property is set to Low.

Examples

This example shows how to use the FormatterServices class to serialize or deserialize an object where the base class does not implement ISerializable but the derived class does.

using namespace System;
using namespace System::IO;
using namespace System::Runtime::Serialization;
using namespace System::Runtime::Serialization::Formatters;
using namespace System::Runtime::Serialization::Formatters::Binary;
using namespace System::Reflection;
using namespace System::Security::Permissions;

// Person is a serializable base class.
[Serializable]
public ref class Person
{
private:
    String^ title;

public:
    Person(String^ title)
    {
        this->title = title;
    }

public:
    virtual String^ ToString() override
    {
        return String::Format("{0}", title);
    }
};

// Employee is a serializable class derived from Person.
[Serializable]
public ref class Employee : public Person
{
private:
    String^ title;

public:
    Employee(String^ title) : Person("Person")
    {
        this->title = title;
    }

public:
    virtual String^ ToString() override
    {
        return String::Format("{0} -> {1}", title, Person::ToString());
    }
};

// Manager is a serializable and ISerializable class derived from Employee.
[Serializable]
ref class Manager : public Employee, public ISerializable
{
private:
    String^ title;

public:
    Manager() : Employee("Employee")
    {
        this->title = "Manager";
    }

public:
    [SecurityPermission(SecurityAction::Demand, SerializationFormatter = true)]
    virtual void GetObjectData(SerializationInfo^ info, StreamingContext context)
    {
        // Serialize the desired values for this class.
        info->AddValue("title", title);

        // Get the set of serializable members for the class and base classes.
        Type^ thisType = this->GetType();
        array<MemberInfo^>^ serializableMembers =
            FormatterServices::GetSerializableMembers(thisType, context);

        // Serialize the base class's fields to the info object.
        for each (MemberInfo^ serializableMember in serializableMembers)
        {
            // Do not serialize fields for this class.
            if (serializableMember->DeclaringType != thisType)
            {
                // Skip this field if it is marked NonSerialized.
                if (!(Attribute::IsDefined(serializableMember,
                    NonSerializedAttribute::typeid)))
                {
                    // Get the value of this field and add it to the
                    // SerializationInfo object.
                    info->AddValue(serializableMember->Name,
                        ((FieldInfo^)serializableMember)->GetValue(this));
                }
            }
        }

        // Call the method below to see the contents of the
        // SerializationInfo object.
        DisplaySerializationInfo(info);
    }

private:
    static void DisplaySerializationInfo(SerializationInfo^ info)
    {
        Console::WriteLine("Values in the SerializationInfo:");
        for each (SerializationEntry^ infoEntry in info)
        {
            Console::WriteLine("Name={0}, ObjectType={1}, Value={2}",
                infoEntry->Name, infoEntry->ObjectType, infoEntry->Value);
        }
    }

protected:
    Manager(SerializationInfo^ info,
        StreamingContext context) : Employee(nullptr)
    {
        // Get the set of serializable members for the class and base classes.
        Type^ thisType = this->GetType();
        array<MemberInfo^>^ serializableMembers =
            FormatterServices::GetSerializableMembers(thisType, context);

        // Deserialize the base class's fields from the info object.
        for each (MemberInfo^ serializableMember in serializableMembers)
        {
            // Do not deserialize fields for this class.
            if (serializableMember->DeclaringType != thisType)
            {
                // For easier coding, treat the member as a FieldInfo object
                FieldInfo^ fieldInformation = (FieldInfo^)serializableMember;

                // Skip this field if it is marked NonSerialized.
                if (!(Attribute::IsDefined(serializableMember,
                    NonSerializedAttribute::typeid)))
                {
                    // Get the value of this field from the
                    // SerializationInfo object.
                    fieldInformation->SetValue(this,
                        info->GetValue(fieldInformation->Name,
                        fieldInformation->FieldType));
                }
            }
        }

        // Deserialize the values that were serialized for this class.
        title = info->GetString("title");
    }

public:
    virtual String^ ToString() override
    {
        return String::Format("{0} -> {1}", title, Employee::ToString());
    }
};

int main()
{
    Stream^ stream = gcnew MemoryStream();
    IFormatter^ formatter = gcnew BinaryFormatter();
    Manager^ m = gcnew Manager();
    Console::WriteLine(m->ToString());
    formatter->Serialize(stream, m);

    stream->Position = 0;
    m = (Manager^) formatter->Deserialize(stream);
    Console::WriteLine(m->ToString());
}

// This code produces the following output.
//
//  Manager -> Employee -> Person
//  Values in the SerializationInfo:
//  Name=title, ObjectType=System.String, Value=Manager
//  Name=Employee+title, ObjectType=System.String, Value=Employee
//  Name=Person+title, ObjectType=System.String, Value=Person
//  Manager -> Employee -> Person

using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters;
using System.Runtime.Serialization.Formatters.Binary;
using System.Reflection;
using System.Security.Permissions;

// Person is a serializable base class.
[Serializable]
public class Person
{
    private String title;

    public Person(String title)
    {
        this.title = title;
    }

    public override String ToString()
    {
        return String.Format("{0}", title);
    }
}

// Employee is a serializable class derived from Person.
[Serializable]
public class Employee : Person
{
    private String title;

    public Employee(String title) : base("Person")
    {
        this.title = title;
    }

    public override String ToString()
    {
        return String.Format("{0} -> {1}", title, base.ToString());
    }
}

// Manager is a serializable and ISerializable class derived from Employee.
[Serializable]
public class Manager : Employee, ISerializable
{
    private String title;

    public Manager() : base("Employee")
    {
        this.title = "Manager";
    }

    [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
    public void GetObjectData(SerializationInfo info, StreamingContext context)
    {

        // Serialize the desired values for this class.
        info.AddValue("title", title);

        // Get the set of serializable members for the class and base classes.
        Type thisType = this.GetType();
        MemberInfo[] mi = FormatterServices.GetSerializableMembers(thisType, context);

        // Serialize the base class's fields to the info object.
        for (Int32 i = 0; i < mi.Length; i++)
        {
            // Do not serialize fields for this class.
            if (mi[i].DeclaringType == thisType) continue;

            // Skip this field if it is marked NonSerialized.
            if (Attribute.IsDefined(mi[i], typeof(NonSerializedAttribute))) continue;

            // Get the value of this field and add it to the SerializationInfo object.
            info.AddValue(mi[i].Name, ((FieldInfo) mi[i]).GetValue(this));
        }

        // Call the method below to see the contents of the SerializationInfo object.
        DisplaySerializationInfo(info);
    }

    private void DisplaySerializationInfo(SerializationInfo info)
    {
        SerializationInfoEnumerator e = info.GetEnumerator();
        Console.WriteLine("Values in the SerializationInfo:");
        while (e.MoveNext())
        {
            Console.WriteLine("Name={0}, ObjectType={1}, Value={2}", e.Name, e.ObjectType, e.Value);
        }
    }

    [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.SerializationFormatter)]
    protected Manager(SerializationInfo info, StreamingContext context) : base(null)
    {

        // Get the set of serializable members for the class and base classes.
        Type thisType = this.GetType();
        MemberInfo[] mi = FormatterServices.GetSerializableMembers(thisType, context);

        // Deserialize the base class's fields from the info object.
        for (Int32 i = 0; i < mi.Length; i++)
        {
            // Do not deserialize fields for this class.
            if (mi[i].DeclaringType == thisType) continue;

            // For easier coding, treat the member as a FieldInfo object
            FieldInfo fi = (FieldInfo) mi[i];

            // Skip this field if it is marked NonSerialized.
            if (Attribute.IsDefined(mi[i], typeof(NonSerializedAttribute))) continue;

            // Get the value of this field from the SerializationInfo object.
            fi.SetValue(this, info.GetValue(fi.Name, fi.FieldType));
        }

        // Deserialize the values that were serialized for this class.
        title = info.GetString("title");
    }

    public override String ToString()
    {
        return String.Format("{0} -> {1}", title, base.ToString());
    }
}

public sealed class App
{
    public static void Main()
    {
        Run();
    }

    public static void Run()
    {
        using (Stream stream = new MemoryStream())
        {
            IFormatter formatter = new BinaryFormatter();
            Manager m = new Manager();
            Console.WriteLine(m.ToString());
            formatter.Serialize(stream, m);

            stream.Position = 0;
            m = (Manager) formatter.Deserialize(stream);
            Console.WriteLine(m.ToString());
        }
    }
}
// This code produces the following output.
//
//  Manager -> Employee -> Person
//  Values in the SerializationInfo:
//  Name=title, ObjectType=System.String, Value=Manager
//  Name=Employee+title, ObjectType=System.String, Value=Employee
//  Name=Person+title, ObjectType=System.String, Value=Person
//  Manager -> Employee -> Person

Remarks

Use this method to determine whether a specified type can be deserialized when the TypeFilterLevel property is set to Low.

.NET Framework remoting provides two levels of automatic deserialization, Low and Full. Low helps protect against deserialization attacks by deserializing only the types associated with the most basic remoting functionality. The Full deserialization level supports automatic deserialization of all types that remoting supports in all situations. For more information about the .NET Framework remoting types that Low and Full support, see Automatic Deserialization in .NET Framework Remoting.
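The sample above never calls CheckTypeSecurity itself, so the following added example (not part of the original documentation) screens a set of candidate types against both filter levels before they are accepted for deserialization. It assumes .NET Framework, where System.Runtime.Remoting is available; LeaseSponsor and TypeFilterProbe are hypothetical names constructed for the illustration.

```csharp
using System;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Lifetime;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters;
using System.Security;

// Hypothetical sponsor type, constructed for this example. ISponsor is
// remoting lifetime infrastructure rather than plain data.
public sealed class LeaseSponsor : MarshalByRefObject, ISponsor
{
    public TimeSpan Renewal(ILease lease)
    {
        return TimeSpan.FromMinutes(1);
    }
}

public static class TypeFilterProbe
{
    // Returns true when CheckTypeSecurity accepts the type at the given
    // level, false when it rejects the type with a SecurityException.
    public static bool IsAllowed(Type t, TypeFilterLevel level)
    {
        try
        {
            FormatterServices.CheckTypeSecurity(t, level);
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    public static void Main()
    {
        // Constructed sample set: two plain data types and two remoting
        // infrastructure types (ObjRef and an ISponsor implementation).
        Type[] candidates =
        {
            typeof(string), typeof(int[]), typeof(ObjRef), typeof(LeaseSponsor)
        };

        foreach (Type t in candidates)
        {
            Console.WriteLine("{0,-40} Low={1,-5} Full={2}", t.FullName,
                IsAllowed(t, TypeFilterLevel.Low),
                IsAllowed(t, TypeFilterLevel.Full));
        }
    }
}
```

The check only reports whether a type belongs to the advanced remoting set that Low excludes; a type that passes is not thereby safe to deserialize from untrusted input.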

Applies to