SerializationBinder 类

定义

允许用户控制类加载并指定要加载的类。

public ref class SerializationBinder abstract
public abstract class SerializationBinder
[System.Serializable]
public abstract class SerializationBinder
[System.Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
public abstract class SerializationBinder
type SerializationBinder = class
[<System.Serializable>]
type SerializationBinder = class
[<System.Serializable>]
[<System.Runtime.InteropServices.ComVisible(true)>]
type SerializationBinder = class
Public MustInherit Class SerializationBinder
继承
SerializationBinder
属性

示例

using namespace System;
using namespace System::IO;
using namespace System::Runtime::Serialization;
using namespace System::Runtime::Serialization::Formatters::Binary;
using namespace System::Reflection;
using namespace System::Security::Permissions;
ref class Version1ToVersion2DeserializationBinder;

[Serializable]
ref class Version1Type
{
public:
   Int32 x;
};


[Serializable]
ref class Version2Type: public ISerializable
{
public:
   Int32 x;
   String^ name;

   // The security attribute demands that code that calls  
   // this method have permission to perform serialization.

   [SecurityPermissionAttribute(SecurityAction::Demand,SerializationFormatter=true)]
   virtual void GetObjectData( SerializationInfo^ info, StreamingContext context )
   {
      info->AddValue( "x", x );
      info->AddValue( "name", name );
   }


private:

   // The security attribute demands that code that calls  
   // this method have permission to perform serialization.

   [SecurityPermissionAttribute(SecurityAction::Demand,SerializationFormatter=true)]
   Version2Type( SerializationInfo^ info, StreamingContext context )
   {
      x = info->GetInt32( "x" );
      try
      {
         name = info->GetString( "name" );
      }
      catch ( SerializationException^ ) 
      {
         // The 'name' field was not serialized because Version1Type 
         // did not contain this field.
         // We will set this field to a reasonable default value.
         name =  "Reasonable default value";
      }
   }
};

ref class Version1ToVersion2DeserializationBinder sealed: public SerializationBinder
{
public:
   virtual Type^ BindToType( String^ assemblyName, String^ typeName ) override
   {
      Type^ typeToDeserialize = nullptr;

      // For each assemblyName/typeName that you want to deserialize to
      // a different type, set typeToDeserialize to the desired type.
      String^ assemVer1 = Assembly::GetExecutingAssembly()->FullName;
      String^ typeVer1 =  "Version1Type";
      if ( assemblyName->Equals( assemVer1 ) && typeName->Equals( typeVer1 ) )
      {
         // To use a type from a different assembly version, 
         // change the version number using the following line of code.
         // assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0");
         // To use a different type from the same assembly, 
         // change the type name.
         typeName =  "Version2Type";
      }

      // The following line of code returns the type.
      typeToDeserialize = Type::GetType( String::Format(  "{0}, {1}", typeName, assemblyName ) );
      return typeToDeserialize;
   }
};

ref class App
{
public:
   static void Serialize()
   {
      // To serialize the objects, you must first open a stream for writing. 
      // We will use a file stream here.
      FileStream^ fs = gcnew FileStream( "DataFile.dat",FileMode::Create );
      try
      {
         // Construct a BinaryFormatter and use it 
         // to serialize the data to the stream.
         BinaryFormatter^ formatter = gcnew BinaryFormatter;

         // Construct a Version1Type Object and serialize it.
         Version1Type^ obj = gcnew Version1Type;
         obj->x = 123;
         formatter->Serialize( fs, obj );
      }
      catch ( SerializationException^ e ) 
      {
         Console::WriteLine( "Failed to serialize. Reason: {0}", e->Message );
         throw;
      }
      finally
      {
         fs->Close();
      }
   }

   static void Deserialize()
   {
      // Declare the Version2Type reference.
      Version2Type^ obj = nullptr;

      // Open the file containing the data that we want to deserialize.
      FileStream^ fs = gcnew FileStream( "DataFile.dat",FileMode::Open );
      try
      {
         // Construct a BinaryFormatter and use it 
         // to deserialize the data from the stream.
         BinaryFormatter^ formatter = gcnew BinaryFormatter;

         // Construct an instance of our 
         // Version1ToVersion2TypeSerialiationBinder type.
         // This Binder type knows how to deserialize a Version1Type  
         // Object* to a Version2Type Object.
         formatter->Binder = gcnew Version1ToVersion2DeserializationBinder;
         obj = dynamic_cast<Version2Type^>(formatter->Deserialize( fs ));
      }
      catch ( SerializationException^ e ) 
      {
         Console::WriteLine( "Failed to deserialize. Reason: {0}", e->Message );
         throw;
      }
      finally
      {
         fs->Close();
      }

      // To prove that a Version2Type Object* was deserialized, 
      // display the Object's type and fields to the console.
      Console::WriteLine( "Type of Object deserialized: {0}", obj->GetType() );
      Console::WriteLine( "x = {0}, name = {1}", obj->x, obj->name );
   }
};

[STAThread]
int main()
{
   App::Serialize();
   App::Deserialize();
   return 0;
}
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Reflection;

class App
{
    [STAThread]
    static void Main()
    {
        Serialize();
        Deserialize();
    }

    static void Serialize()
    {
        // To serialize the objects, you must first open a stream for writing.
        // Use a file stream here.
        FileStream fs = new FileStream("DataFile.dat", FileMode.Create);

        try
        {
            // Construct a BinaryFormatter and use it
            // to serialize the data to the stream.
            BinaryFormatter formatter = new BinaryFormatter();

            // Construct a Version1Type object and serialize it.
            Version1Type obj = new Version1Type();
            obj.x = 123;
            formatter.Serialize(fs, obj);
        }
        catch (SerializationException e)
        {
            Console.WriteLine("Failed to serialize. Reason: " + e.Message);
            throw;
        }
        finally
        {
            fs.Close();
        }
    }

    static void Deserialize()
    {
        // Declare the Version2Type reference.
        Version2Type obj = null;

        // Open the file containing the data that you want to deserialize.
        FileStream fs = new FileStream("DataFile.dat", FileMode.Open);
        try
        {
            // Construct a BinaryFormatter and use it
            // to deserialize the data from the stream.
            BinaryFormatter formatter = new BinaryFormatter();

            // Construct an instance of our the
            // Version1ToVersion2TypeSerialiationBinder type.
            // This Binder type can deserialize a Version1Type
            // object to a Version2Type object.
            formatter.Binder = new Version1ToVersion2DeserializationBinder();

            obj = (Version2Type) formatter.Deserialize(fs);
        }
        catch (SerializationException e)
        {
            Console.WriteLine("Failed to deserialize. Reason: " + e.Message);
            throw;
        }
        finally
        {
            fs.Close();
        }

        // To prove that a Version2Type object was deserialized,
        // display the object's type and fields to the console.
        Console.WriteLine("Type of object deserialized: " + obj.GetType());
        Console.WriteLine("x = {0}, name = {1}", obj.x, obj.name);
    }
}

[Serializable]
class Version1Type
{
    public Int32 x;
}

[Serializable]
class Version2Type : ISerializable
{
    public Int32 x;
    public String name;

    void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context)
    {
        info.AddValue("x", x);
        info.AddValue("name", name);
    }

    private Version2Type(SerializationInfo info, StreamingContext context)
    {
        x = info.GetInt32("x");
        try
        {
            name = info.GetString("name");
        }
        catch (SerializationException)
        {
            // The "name" field was not serialized because Version1Type
            // did not contain this field.
            // Set this field to a reasonable default value.
            name = "Reasonable default value";
        }
    }
}

sealed class Version1ToVersion2DeserializationBinder : SerializationBinder
{
    public override Type BindToType(string assemblyName, string typeName)
    {
        Type typeToDeserialize = null;

        // For each assemblyName/typeName that you want to deserialize to
        // a different type, set typeToDeserialize to the desired type.
        String assemVer1 = Assembly.GetExecutingAssembly().FullName;
        String typeVer1 = "Version1Type";

        if (assemblyName == assemVer1 && typeName == typeVer1)
        {
            // To use a type from a different assembly version,
            // change the version number.
            // To do this, uncomment the following line of code.
            // assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0");

            // To use a different type from the same assembly,
            // change the type name.
            typeName = "Version2Type";
        }

        // The following line of code returns the type.
        typeToDeserialize = Type.GetType(String.Format("{0}, {1}",
            typeName, assemblyName));

        return typeToDeserialize;
    }
}
Imports System.IO
Imports System.Runtime.Serialization
Imports System.Runtime.Serialization.Formatters.Binary
Imports System.Reflection
Imports System.Security.Permissions

Class App
   <STAThread()> Shared Sub Main()
      Serialize()
      Deserialize()
   End Sub


   Shared Sub Serialize()
      ' To serialize the objects, you must first open a stream for writing. 
      ' Use a file stream here.
      Dim fs As New FileStream("DataFile.dat", FileMode.Create)

      Try
         ' Construct a BinaryFormatter and use it 
         ' to serialize the data to the stream.
         Dim formatter As New BinaryFormatter

         ' Construct a Version1Type object and serialize it.
         Dim obj As New Version1Type
         obj.x = 123
         formatter.Serialize(fs, obj)
      Catch e As SerializationException
         Console.WriteLine("Failed to serialize. Reason: " & e.Message)
         Throw
      Finally
         fs.Close()
      End Try
   End Sub


   Shared Sub Deserialize()
      ' Declare the Version2Type reference.
      Dim obj As Version2Type = Nothing

      ' Open the file containing the data that you want to deserialize.
      Dim fs As New FileStream("DataFile.dat", FileMode.Open)
      Try
         ' Construct a BinaryFormatter and use it 
         ' to deserialize the data from the stream.
         Dim formatter As New BinaryFormatter

         ' Construct an instance of the 
         ' Version1ToVersion2TypeSerialiationBinder type.
         ' This Binder type can deserialize a Version1Type  
         ' object to a Version2Type object.
         formatter.Binder = New Version1ToVersion2DeserializationBinder

         obj = DirectCast(formatter.Deserialize(fs), Version2Type)
      Catch e As SerializationException
         Console.WriteLine("Failed to deserialize. Reason: " & e.Message)
         Throw
      Finally
         fs.Close()
      End Try

      ' To prove that a Version2Type object was deserialized, 
      ' display the object's type and fields to the console.
      Console.WriteLine("Type of object deserialized: {0}", obj.GetType())
      Console.WriteLine("x = {0}, name = {1}", obj.x, obj.name)
   End Sub
End Class


<Serializable()> Class Version1Type
   Public x As Int32
End Class


<Serializable()> Class Version2Type
   Implements ISerializable
   Public x As Int32
   Public name As String

   ' The security attribute demands that code that calls  
   ' this method have permission to perform serialization.
   <SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter:=True)> _
   Private Sub GetObjectData(ByVal info As SerializationInfo, _
         ByVal context As StreamingContext) Implements ISerializable.GetObjectData
      info.AddValue("x", x)
      info.AddValue("name", name)
   End Sub

   ' The security attribute demands that code that calls  
   ' this method have permission to perform serialization.
   <SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter:=True)> _
   Private Sub New(ByVal info As SerializationInfo, _
         ByVal context As StreamingContext)
      x = info.GetInt32("x")
      Try
         name = info.GetString("name")
      Catch e As SerializationException
         ' The "name" field was not serialized because 
         ' Version1Type did not contain this field.
         ' Set this field to a reasonable default value.
         name = "Reasonable default value"
      End Try
   End Sub
End Class


NotInheritable Class Version1ToVersion2DeserializationBinder
   Inherits SerializationBinder
   Public Overrides Function BindToType(ByVal assemblyName As String, _
         ByVal typeName As String) As Type

      Dim typeToDeserialize As Type = Nothing

      ' For each assemblyName/typeName that you want to deserialize
      ' to a different type, set typeToDeserialize to the desired type.
      Dim assemVer1 As String = [Assembly].GetExecutingAssembly().FullName
      Dim typeVer1 As String = GetType(Version1Type).FullName

      If assemblyName = assemVer1 And typeName = typeVer1 Then
         ' To use a type from a different assembly version, 
         ' change the version number.
         ' To do this, uncomment the following code.
         ' assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0")

         ' To use a different type from the same assembly, 
         ' change the type name.
         typeName = typeName.Replace("Version1Type", "Version2Type")
      End If

      ' The following code returns the type.
      typeToDeserialize = Type.GetType(String.Format("{0}, {1}", typeName, _
                                       assemblyName))

      Return typeToDeserialize
   End Function
End Class

注解

不安全的序列化程序

警告

BinaryFormatter 是不安全的,无法使其安全。 有关详细信息,请参阅 BinaryFormatter security guide (安全指南)。

在序列化过程中,格式化程序传输创建正确类型和版本的对象实例时所需的信息。 此信息通常包括对象的完整类型名称和程序集名称。 程序集名称包括名称、版本和强名称 (请参阅程序集的 强名称) 哈希。 默认情况下,反序列化使用此信息来创建相同对象的实例(安全策略所限制的任何程序集加载属于例外情况)。 由于已经在程序集之间移动了类,或者服务器和客户端要求使用不同的类版本,因此,有些用户需要控制要加载哪些类。

SerializationBinder 不能用于安全性。 尝试从不受信任的源反序列化某些数据时,可能会有一些安全攻击。 绑定器为你提供了检查应用程序域中正在加载的类型的机会,但这不能保证无法利用。 有关详细信息,请参阅 BinaryFormatter 安全指南。 然后,可以维护被拒绝类型的列表或允许的类型列表,并限制正在加载和实例化的类型。 此外,请注意正在电线上拿出哪些信息。 在网络上发送类型名称或其他数据时,可能需要使用传输或消息安全性。

警告

仅当完全确定要序列化的信息时,才使用 SerializationBinder 。 恶意类型可能会导致意外行为。

这是一个抽象基类。 所有绑定器都扩展了此类。

实施者说明

SerializationBinder 继承时,必须重写以下成员:BindToType(String, String)

构造函数

SerializationBinder()

初始化 SerializationBinder 类的新实例。

方法

BindToName(Type, String, String)

当在派生类中重写时,控制是否将序列化对象绑定到类型。

BindToType(String, String)

当在派生类中重写时,控制是否将序列化对象绑定到类型。

Equals(Object)

确定指定对象是否等于当前对象。

(继承自 Object)
GetHashCode()

作为默认哈希函数。

(继承自 Object)
GetType()

获取当前实例的 Type

(继承自 Object)
MemberwiseClone()

创建当前 Object 的浅表副本。

(继承自 Object)
ToString()

返回表示当前对象的字符串。

(继承自 Object)

适用于

另请参阅