Introduction 1
Who is this Book For? 2
Book Outline 2
Chapter 1: Introducing .NET Serialization 5
What is Serialization? 5
Why is Serialization Important? 7
A Grassroots Approach to Serialization 7
Overview of .NET Serialization 10
Types of Serialization in .NET 10
Shallow Serialization 11
Deep Serialization 13
What's so Great about .NET Serialization? 16
Serialization in C++ 16
Serialization in Java 16
Serialization in COM/DCOM 17
When is Serialization Used? 18
State Persistence 18
Serializing Object State to File 19
Serializing Object State to a Database 19
Serializing Object State to Memory 20
Exchanging Data Between Applications 21
Exchanging Data Between Applications on the Same Machine 21
Exchanging Data Between Machines Running the Same Platform 21
Exchanging Data Between Machines Running Different Platforms 22
Coming Up Next... 24
Summary 25
Chapter 2: Basic .NET Serialization 27
Using Shallow Serialization 28
The System.Xml.Serialization Namespace 28
Using XmlSerializer 29
Creating the Serializable Book Class 29
Serializing a Book Object as XML 30
Deserializing the Book Object from the XML File 31
Running the Example 32
Serializing Private and Protected Fields 33
Running the Example 35
Serializing Public Properties 35
Running the Example 37
Serializing Arrays, Collections, and Enumerations 37
Running the Example 41
XML Serialization of Objects within Objects 42
Running the Example 45
Circular References and XML Serialization 47
Running the Example 48
When to Use XML Serialization 49
Using SOAP Encoding with XmlSerializer 49
Running the Example 52
Using Deep Serialization 52
The System.Runtime.Serialization Namespace 53
Using Formatters 54
Using the Binary Formatter 55
Running the Example 57
Using the SOAP Formatter 58
Running the Example 60
Controlling Formatter-Based Serialization 61
Running the Example 63
Deep Serialization of Object Graphs 64
Running the Example 66
Handling Circular References in Object Graphs 67
Cloning Objects via Deep Serialization 69
Summary 71
Chapter 3: Designing Classes for Shallow Serialization 73
Customizing XML Serialization from Inside a Serializable Class 74
Implementing the Basic Student Application 75
Implementing the Student Class 76
Implementing the Address Class 79
Implementing the MainClass 80
Running the Application 82
Custom Serialization Using XML Attributes 84
Formatting the XML Document Element 86
Formatting XML Elements 87
Formatting XML Attributes 88
Defining Qualified Namespaces for Elements and Attributes 89
Formatting Text Content 90
Defining Data Types for Elements and Attributes 91
Specifying Alternative Names for Enumeration Identifiers 94
Serializing Polymorphic Arrays 95
Defining Nullable Object References 97
Defining Ignorable Fields and Properties 98
Effect of Custom Formatting on the Serialized Student Data 99
Customizing XML Serialization to SOAP-Encoded Format 100
Serializing the Student Application to SOAP-Encoded XML Format 100
Modifying the Student Class 101
Modifying the MainClass 101
Running the Application 103
Custom Serialization to SOAP-Encoded Format Using SOAP Attributes 105
Modifying the Student Class 107
Running the Application 109
Summary 110
Chapter 4: Designing Classes for Deep Serialization 113
Custom Formatted Serialization Using ISerializable 114
Defining a Custom Serialization Format 116
Implementing the Original InvestmentPlan Class 117
Implementing the MainForm 119
Running the Application 122
Improving InvestmentPlan By Customizing the Serialization Format 125
Running the Application 128
Using Helper Classes to Control Deserialization 129
Serializing and Deserializing an Existing .NET Singleton Type 130
Serializing and Deserializing Custom Singleton Types 134
A Tour of the Radio Station Application 135
Implementing the Station Class 138
Implementing the AssignedStation Class 139
Implementing the UnassignedStation Class 140
Implementing the UnassignedStationSerializerHelper Class 142
Implementing the MainForm Class 143
Running the Application 146
Viewing the Serialized Data 147
Deserializing Complex Object Graphs Correctly 148
Using IDeserializationCallback 150
Implementing the Bank Class 151
Implementing the Account Class 153
Implementing the Customer Class 154
Implementing the Serialization Code 155
Implementing the Deserialization Code 156
Running the Example 156
Summary 157
Chapter 5: Advanced Shallow Serialization Techniques 159
Handling Unknown Content During XML Deserialization 160
Ignoring Unknown Content 161
Detecting Unknown Content 166
Tracing Unknown Content 173
Processing Unknown Content 174
Overriding Default XML Serialization 183
Overriding Literal-Encoded XML Serialization 184
Overriding How a Data Type is Serialized as a Root Element 189
Overriding How Fields and Properties are Serialized as Elements 190
Overriding How Fields and Properties are Serialized as Attributes 192
Overriding How Fields and Properties are Serialized as Text 193
Overriding How Enumeration Identifiers are Serialized 193
Overriding How Arrays and Array Items are Serialized 194
Overriding Whether Fields and Properties Should Be Ignored During Serialization 195
Combining All of the Overrides 196
Testing the Application 198
Overriding SOAP-Encoded XML Serialization 199
Using the SoapAttributes and SoapAttributeOverrides Classes 199
Example of Overriding SOAP-Encoded XML Serialization 202
Testing the Application 206
Summary 207
Chapter 6: Advanced Deep Serialization Techniques 211
Using Surrogates to Make Classes Serializable 212
Using Surrogates to Serialize Public State 213
Implementing the Account Class 214
Implementing the AccountSurrogate Class 215
Implementing the AccountForm Class 216
Running the Application 219
Using Surrogates with Reflection 220
Modifying the Account Class 221
Rewriting the AccountSurrogate Class 222
Running the Application 223
Grouping Surrogates in a Surrogate Selector 225
Modifying the Account Class 226
Modifying the AccountForm Class 227
Implementing the TransactionSurrogate Class 228
Running the Application 229
Chaining Surrogate Selectors Together 230
Modifying the Account Class 233
Modifying the AccountForm Class 234
Implementing the AccountSummarySurrogate Class 238
Running the Application 239
Using Surrogate Classes Effectively 240
Changing Type or Assembly on Deserialization 241
Handling Versioning Issues Using SerializationBinder 242
Serializing Objects in the Original Assembly Version 242
Running the Application 244
Deserializing Objects into a Different Assembly Version 245
Running the Application 249
Creating Custom Formatters 250
The IFormatter Interface 251
Implementing a Custom Formatter 252
Running the Application 254
Summary 255
Chapter 7: Using .NET Serialization Securely 259
Serialization Security Overview 259
What are the Security Issues with Serialization? 260
Manipulating Sensitive Data 260
File System Foibles 262
Roadmap for the Chapter 262
What is Code Security? 263
Types of Security 263
Code Security in the .NET Framework 264
Code Groups 265
The Luring Attack 268
The Stack Walk 268
Forcing a Stack Walk with Demand 270
.NET Code Security System in Brief 275
Code Security and Serialization 275
Serialization is a High Privilege 275
Using Visibility Attributes Effectively 276
Deserializing Sensitive State 278
What about the User? 278
Fully Trusted Trojan Horses 279
Overriding the Security System 279
Asserting Yourself 280
Safely Storing Serialized State 282
File Storage and Partial Trust 282
What is Canonicalization? 282
Elevation of Privilege Attacks 284
Using Isolated Storage 287
Encryption and Serialization 289
Encryption Overview 290
Symmetric Cryptosystems 291
Asymmetric Cryptosystems 292
Combined Cryptosystems 293
Implementing Encrypted Serialization 294
Using CryptoStreams 295
Serialization and Deserialization with Encryption 296
Using Encryption Effectively 297
The Future of Encryption and Serialization 298
Summary 299
Appendix A: Support, Errata, and Code Download 301
How to Download the Sample Code for the Book 301
Errata 302
E-Mail Support 302
p2p.wrox.com 303
Index 305