SerializationBinder SerializationBinder SerializationBinder SerializationBinder Class

定义

允许用户控制类加载并指定要加载的类。Allows users to control class loading and mandate what class to load.

public ref class SerializationBinder abstract
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public abstract class SerializationBinder
type SerializationBinder = class
Public MustInherit Class SerializationBinder
继承
SerializationBinderSerializationBinderSerializationBinderSerializationBinder
属性

示例

using namespace System;
using namespace System::IO;
using namespace System::Runtime::Serialization;
using namespace System::Runtime::Serialization::Formatters::Binary;
using namespace System::Reflection;
using namespace System::Security::Permissions;
ref class Version1ToVersion2DeserializationBinder;

[Serializable]
ref class Version1Type
{
public:
   Int32 x;
};


[Serializable]
ref class Version2Type: public ISerializable
{
public:
   Int32 x;
   String^ name;

   // The security attribute demands that code that calls  
   // this method have permission to perform serialization.

   [SecurityPermissionAttribute(SecurityAction::Demand,SerializationFormatter=true)]
   virtual void GetObjectData( SerializationInfo^ info, StreamingContext context )
   {
      info->AddValue( "x", x );
      info->AddValue( "name", name );
   }


private:

   // The security attribute demands that code that calls  
   // this method have permission to perform serialization.

   [SecurityPermissionAttribute(SecurityAction::Demand,SerializationFormatter=true)]
   Version2Type( SerializationInfo^ info, StreamingContext context )
   {
      x = info->GetInt32( "x" );
      try
      {
         name = info->GetString( "name" );
      }
      catch ( SerializationException^ ) 
      {
         // The 'name' field was not serialized because Version1Type 
         // did not contain this field.
         // We will set this field to a reasonable default value.
         name =  "Reasonable default value";
      }
   }
};

ref class Version1ToVersion2DeserializationBinder sealed: public SerializationBinder
{
public:
   virtual Type^ BindToType( String^ assemblyName, String^ typeName ) override
   {
      Type^ typeToDeserialize = nullptr;

      // For each assemblyName/typeName that you want to deserialize to
      // a different type, set typeToDeserialize to the desired type.
      String^ assemVer1 = Assembly::GetExecutingAssembly()->FullName;
      String^ typeVer1 =  "Version1Type";
      if ( assemblyName->Equals( assemVer1 ) && typeName->Equals( typeVer1 ) )
      {
         // To use a type from a different assembly version, 
         // change the version number using the following line of code.
         // assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0");
         // To use a different type from the same assembly, 
         // change the type name.
         typeName =  "Version2Type";
      }

      // The following line of code returns the type.
      typeToDeserialize = Type::GetType( String::Format(  "{0}, {1}", typeName, assemblyName ) );
      return typeToDeserialize;
   }
};

ref class App
{
public:
   static void Serialize()
   {
      // To serialize the objects, you must first open a stream for writing. 
      // We will use a file stream here.
      FileStream^ fs = gcnew FileStream( "DataFile.dat",FileMode::Create );
      try
      {
         // Construct a BinaryFormatter and use it 
         // to serialize the data to the stream.
         BinaryFormatter^ formatter = gcnew BinaryFormatter;

         // Construct a Version1Type Object and serialize it.
         Version1Type^ obj = gcnew Version1Type;
         obj->x = 123;
         formatter->Serialize( fs, obj );
      }
      catch ( SerializationException^ e ) 
      {
         Console::WriteLine( "Failed to serialize. Reason: {0}", e->Message );
         throw;
      }
      finally
      {
         fs->Close();
      }
   }

   static void Deserialize()
   {
      // Declare the Version2Type reference.
      Version2Type^ obj = nullptr;

      // Open the file containing the data that we want to deserialize.
      FileStream^ fs = gcnew FileStream( "DataFile.dat",FileMode::Open );
      try
      {
         // Construct a BinaryFormatter and use it 
         // to deserialize the data from the stream.
         BinaryFormatter^ formatter = gcnew BinaryFormatter;

         // Construct an instance of our 
         // Version1ToVersion2TypeSerialiationBinder type.
         // This Binder type knows how to deserialize a Version1Type  
         // Object* to a Version2Type Object.
         formatter->Binder = gcnew Version1ToVersion2DeserializationBinder;
         obj = dynamic_cast<Version2Type^>(formatter->Deserialize( fs ));
      }
      catch ( SerializationException^ e ) 
      {
         Console::WriteLine( "Failed to deserialize. Reason: {0}", e->Message );
         throw;
      }
      finally
      {
         fs->Close();
      }

      // To prove that a Version2Type Object* was deserialized, 
      // display the Object's type and fields to the console.
      Console::WriteLine( "Type of Object deserialized: {0}", obj->GetType() );
      Console::WriteLine( "x = {0}, name = {1}", obj->x, obj->name );
   }
};

[STAThread]
int main()
{
   App::Serialize();
   App::Deserialize();
   return 0;
}
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Reflection;
using System.Security.Permissions;


class App 
{
    [STAThread]
    static void Main() 
    {
        Serialize();
        Deserialize();
    }

    static void Serialize() 
    {
        // To serialize the objects, you must first open a stream for writing. 
        // Use a file stream here.
        FileStream fs = new FileStream("DataFile.dat", FileMode.Create);

        try 
        {
            // Construct a BinaryFormatter and use it 
            // to serialize the data to the stream.
            BinaryFormatter formatter = new BinaryFormatter();

            // Construct a Version1Type object and serialize it.
            Version1Type obj = new Version1Type();
            obj.x = 123;
            formatter.Serialize(fs, obj);
        }
        catch (SerializationException e) 
        {
            Console.WriteLine("Failed to serialize. Reason: " + e.Message);
            throw;
        }
        finally 
        {
            fs.Close();
        }
    }

   
    static void Deserialize() 
    {
        // Declare the Version2Type reference.
        Version2Type obj = null;

        // Open the file containing the data that you want to deserialize.
        FileStream fs = new FileStream("DataFile.dat", FileMode.Open);
        try 
        {
            // Construct a BinaryFormatter and use it 
            // to deserialize the data from the stream.
            BinaryFormatter formatter = new BinaryFormatter();

            // Construct an instance of our the
            // Version1ToVersion2TypeSerialiationBinder type.
            // This Binder type can deserialize a Version1Type  
            // object to a Version2Type object.
            formatter.Binder = new Version1ToVersion2DeserializationBinder();

            obj = (Version2Type) formatter.Deserialize(fs);
        }
        catch (SerializationException e) 
        {
            Console.WriteLine("Failed to deserialize. Reason: " + e.Message);
            throw;
        }
        finally 
        {
            fs.Close();
        }

        // To prove that a Version2Type object was deserialized, 
        // display the object's type and fields to the console.
        Console.WriteLine("Type of object deserialized: " + obj.GetType());
        Console.WriteLine("x = {0}, name = {1}", obj.x, obj.name);
    }
}


[Serializable]
class Version1Type 
{
    public Int32 x;
}


[Serializable]
class Version2Type : ISerializable 
{
    public Int32 x;
    public String name;
   
    // The security attribute demands that code that calls
    // this method have permission to perform serialization.
    [SecurityPermissionAttribute(SecurityAction.Demand,SerializationFormatter=true)]
    void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context) 
    {
        info.AddValue("x", x);
        info.AddValue("name", name);
    }

    // The security attribute demands that code that calls  
    // this method have permission to perform serialization.
    [SecurityPermissionAttribute(SecurityAction.Demand,SerializationFormatter=true)]
    private Version2Type(SerializationInfo info, StreamingContext context) 
    {
        x = info.GetInt32("x");
        try 
        {
            name = info.GetString("name");
        }
        catch (SerializationException) 
        {
            // The "name" field was not serialized because Version1Type 
            // did not contain this field.
            // Set this field to a reasonable default value.
            name = "Reasonable default value";
        }
    }
}


sealed class Version1ToVersion2DeserializationBinder : SerializationBinder 
{
    public override Type BindToType(string assemblyName, string typeName) 
    {
        Type typeToDeserialize = null;

        // For each assemblyName/typeName that you want to deserialize to
        // a different type, set typeToDeserialize to the desired type.
        String assemVer1 = Assembly.GetExecutingAssembly().FullName;
        String typeVer1 = "Version1Type";

        if (assemblyName == assemVer1 && typeName == typeVer1) 
        {
            // To use a type from a different assembly version, 
            // change the version number.
            // To do this, uncomment the following line of code.
            // assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0");

            // To use a different type from the same assembly, 
            // change the type name.
            typeName = "Version2Type";
        }

        // The following line of code returns the type.
        typeToDeserialize = Type.GetType(String.Format("{0}, {1}", 
            typeName, assemblyName));

        return typeToDeserialize;
    }
}
Imports System.IO
Imports System.Runtime.Serialization
Imports System.Runtime.Serialization.Formatters.Binary
Imports System.Reflection
Imports System.Security.Permissions

Class App
   <STAThread()> Shared Sub Main()
      Serialize()
      Deserialize()
   End Sub


   Shared Sub Serialize()
      ' To serialize the objects, you must first open a stream for writing. 
      ' Use a file stream here.
      Dim fs As New FileStream("DataFile.dat", FileMode.Create)

      Try
         ' Construct a BinaryFormatter and use it 
         ' to serialize the data to the stream.
         Dim formatter As New BinaryFormatter

         ' Construct a Version1Type object and serialize it.
         Dim obj As New Version1Type
         obj.x = 123
         formatter.Serialize(fs, obj)
      Catch e As SerializationException
         Console.WriteLine("Failed to serialize. Reason: " & e.Message)
         Throw
      Finally
         fs.Close()
      End Try
   End Sub


   Shared Sub Deserialize()
      ' Declare the Version2Type reference.
      Dim obj As Version2Type = Nothing

      ' Open the file containing the data that you want to deserialize.
      Dim fs As New FileStream("DataFile.dat", FileMode.Open)
      Try
         ' Construct a BinaryFormatter and use it 
         ' to deserialize the data from the stream.
         Dim formatter As New BinaryFormatter

         ' Construct an instance of the 
         ' Version1ToVersion2TypeSerialiationBinder type.
         ' This Binder type can deserialize a Version1Type  
         ' object to a Version2Type object.
         formatter.Binder = New Version1ToVersion2DeserializationBinder

         obj = DirectCast(formatter.Deserialize(fs), Version2Type)
      Catch e As SerializationException
         Console.WriteLine("Failed to deserialize. Reason: " & e.Message)
         Throw
      Finally
         fs.Close()
      End Try

      ' To prove that a Version2Type object was deserialized, 
      ' display the object's type and fields to the console.
      Console.WriteLine("Type of object deserialized: {0}", obj.GetType())
      Console.WriteLine("x = {0}, name = {1}", obj.x, obj.name)
   End Sub
End Class


<Serializable()> Class Version1Type
   Public x As Int32
End Class


<Serializable()> Class Version2Type
   Implements ISerializable
   Public x As Int32
   Public name As String

   ' The security attribute demands that code that calls  
   ' this method have permission to perform serialization.
   <SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter:=True)> _
   Private Sub GetObjectData(ByVal info As SerializationInfo, _
         ByVal context As StreamingContext) Implements ISerializable.GetObjectData
      info.AddValue("x", x)
      info.AddValue("name", name)
   End Sub

   ' The security attribute demands that code that calls  
   ' this method have permission to perform serialization.
   <SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter:=True)> _
   Private Sub New(ByVal info As SerializationInfo, _
         ByVal context As StreamingContext)
      x = info.GetInt32("x")
      Try
         name = info.GetString("name")
      Catch e As SerializationException
         ' The "name" field was not serialized because 
         ' Version1Type did not contain this field.
         ' Set this field to a reasonable default value.
         name = "Reasonable default value"
      End Try
   End Sub
End Class


NotInheritable Class Version1ToVersion2DeserializationBinder
   Inherits SerializationBinder
   Public Overrides Function BindToType(ByVal assemblyName As String, _
         ByVal typeName As String) As Type

      Dim typeToDeserialize As Type = Nothing

      ' For each assemblyName/typeName that you want to deserialize
      ' to a different type, set typeToDeserialize to the desired type.
      Dim assemVer1 As String = [Assembly].GetExecutingAssembly().FullName
      Dim typeVer1 As String = GetType(Version1Type).FullName

      If assemblyName = assemVer1 And typeName = typeVer1 Then
         ' To use a type from a different assembly version, 
         ' change the version number.
         ' To do this, uncomment the following code.
         ' assemblyName = assemblyName.Replace("1.0.0.0", "2.0.0.0")

         ' To use a different type from the same assembly, 
         ' change the type name.
         typeName = typeName.Replace("Version1Type", "Version2Type")
      End If

      ' The following code returns the type.
      typeToDeserialize = Type.GetType(String.Format("{0}, {1}", typeName, _
                                       assemblyName))

      Return typeToDeserialize
   End Function
End Class

注解

在序列化过程中,格式化程序传输创建正确类型和版本的对象实例时所需的信息。During serialization, a formatter transmits the information required to create an instance of an object of the correct type and version. 此信息通常包括对象的完整类型名称和程序集名称。This information generally includes the full type name and assembly name of the object. 程序集名称包括程序集的名称、版本和强名称(请参阅强名称程序集)哈希。The assembly name includes the name, version, and strong name (see Strong-Named Assemblies) hash of the assembly. 默认情况下,反序列化使用此信息来创建相同对象的实例(安全策略所限制的任何程序集加载属于例外情况)。By default, deserialization uses this information to create an instance of an identical object (with the exception of any assembly loading restricted by the security policy). 由于已经在程序集之间移动了类,或者服务器和客户端要求使用不同的类版本,因此,有些用户需要控制要加载哪些类。Some users need to control which class to load, either because the class has moved between assemblies or a different version of the class is required on the server and client.

SerializationBinder还可用于安全性。SerializationBinder can also be used for security. 尝试反序列化来自不受信任源的某些数据时,可能会出现一些安全漏洞。There might be some security exploits when you are trying to deserialize some data from an untrusted source. 联编程序提供了一种检查在应用程序域中加载了哪些类型的机会。The binder gives you an opportunity to inspect what types are being loaded in your application domain. 然后,你可以维护拒绝类型列表或允许类型列表,并限制正在加载和实例化的类型。You can then either maintain list of denied types or a list of allowed types and restrict which types are being loaded and instantiated. 此外,还应注意在网络上放置了哪些信息,在网络上发送类型名称或其他数据时,可能需要保护(使用传输或消息安全)。In addition you should be mindful of what information is being put out on the wire, you may want to secure (use transport or message security) when sending type names or other data on the wire.

警告

仅当SerializationBinder你完全确定要序列化的信息时才使用。Only use SerializationBinder if you are completely sure of what information is being serialized. 恶意类型可能会导致意外的行为。Malicious types can cause unexpected behavior.

这是一个抽象基类。This is an abstract base class. 所有联编都扩展此类。All binders extend this class.

继承者说明

SerializationBinder 继承时,必须重写以下成员:BindToType(String, String)When you inherit from SerializationBinder, you must override the following member: BindToType(String, String).

构造函数

SerializationBinder() SerializationBinder() SerializationBinder() SerializationBinder()

初始化 SerializationBinder 类的新实例。Initializes a new instance of the SerializationBinder class.

方法

BindToName(Type, String, String) BindToName(Type, String, String) BindToName(Type, String, String) BindToName(Type, String, String)

当在派生类中重写时,控制是否将序列化对象绑定到类型。When overridden in a derived class, controls the binding of a serialized object to a type.

BindToType(String, String) BindToType(String, String) BindToType(String, String) BindToType(String, String)

当在派生类中重写时,控制是否将序列化对象绑定到类型。When overridden in a derived class, controls the binding of a serialized object to a type.

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

确定指定的对象是否等于当前对象。Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode() GetHashCode() GetHashCode() GetHashCode()

作为默认哈希函数。Serves as the default hash function.

(Inherited from Object)
GetType() GetType() GetType() GetType()

获取当前实例的 TypeGets the Type of the current instance.

(Inherited from Object)
MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(Inherited from Object)
ToString() ToString() ToString() ToString()

返回表示当前对象的字符串。Returns a string that represents the current object.

(Inherited from Object)

适用于

另请参阅