Determines whether the specified Type can be deserialized with the TypeFilterLevel property set to Low.
Namespace: System.Runtime.Serialization
Assembly: mscorlib (in mscorlib.dll)
Syntax
Visual Basic
```vb
'Declaration
Public Shared Sub CheckTypeSecurity ( _
    t As Type, _
    securityLevel As TypeFilterLevel _
)
'Usage
Dim t As Type
Dim securityLevel As TypeFilterLevel
FormatterServices.CheckTypeSecurity(t, securityLevel)
```
C#
```csharp
public static void CheckTypeSecurity (
    Type t,
    TypeFilterLevel securityLevel
)
```
C++
```cpp
public:
static void CheckTypeSecurity (
    Type^ t,
    TypeFilterLevel securityLevel
)
```
J#
```
public static void CheckTypeSecurity (
    Type t,
    TypeFilterLevel securityLevel
)
```
JScript
```
public static function CheckTypeSecurity (
    t : Type,
    securityLevel : TypeFilterLevel
)
```
Parameters
- t
  The Type to be checked for serializability.
- securityLevel
  The TypeFilterLevel property value.
Exceptions
| Exception type | Condition |
|---|---|
| SecurityException | The t parameter is an advanced type and cannot be deserialized when the TypeFilterLevel property is set to Low. |
Remarks
Use this method to determine whether a specified type can be deserialized when the TypeFilterLevel property is set to Low.
The .NET Framework provides two levels of automatic deserialization, Low and Full. The Low setting protects against deserialization attacks by deserializing only the types associated with the most basic remoting functionality. The Full deserialization level supports automatic deserialization of all types that remoting supports in all situations. For more information about the types in the .NET Framework that Low and Full support, see Automatic Deserialization in .NET Framework Remoting.
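An added example, not part of the original documentation page: one way to use CheckTypeSecurity to audit which of the types an endpoint exchanges would be rejected at Low. The class LowFilterAudit, its two helper methods and the candidate type list are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Lifetime;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters;
using System.Security;

// Hypothetical helper class for this example; not part of the .NET Framework.
public static class LowFilterAudit
{
    // True if t passes the TypeFilterLevel.Low check. CheckTypeSecurity
    // returns nothing and signals rejection with a SecurityException.
    public static bool PassesLowFilter(Type t)
    {
        if (t == null) throw new ArgumentNullException("t");
        try
        {
            FormatterServices.CheckTypeSecurity(t, TypeFilterLevel.Low);
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Returns the candidates that could only be deserialized at Full.
    public static List<Type> TypesRequiringFull(IEnumerable<Type> candidates)
    {
        List<Type> rejected = new List<Type>();
        foreach (Type t in candidates)
        {
            if (!PassesLowFilter(t)) rejected.Add(t);
        }
        return rejected;
    }

    public static void Main()
    {
        // Constructed sample list: types a remoting endpoint might exchange.
        Type[] candidates = { typeof(string), typeof(DateTime), typeof(ObjRef), typeof(ClientSponsor) };
        List<Type> rejected = TypesRequiringFull(candidates);
        Console.WriteLine("{0} of {1} types need TypeFilterLevel.Full:", rejected.Count, candidates.Length);
        foreach (Type t in rejected) Console.WriteLine("  " + t.FullName);
    }
}
```

A non-empty result means the channel would have to run at Full to accept those types, which is the point at which to review whether they need to cross the boundary at all.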
Example
This code example shows how to serialize or deserialize an object by using the FormatterServices class when ISerializable is implemented by the derived class but not by the base class.
```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters;
using System.Runtime.Serialization.Formatters.Binary;
using System.Reflection;
using System.Security.Permissions;

// Person is a serializable base class.
[Serializable]
public class Person
{
    private String title;

    public Person(String title)
    {
        this.title = title;
    }

    public override String ToString()
    {
        return String.Format("{0}", title);
    }
}

// Employee is a serializable class derived from Person.
[Serializable]
public class Employee : Person
{
    private String title;

    public Employee(String title) : base("Person")
    {
        this.title = title;
    }

    public override String ToString()
    {
        return String.Format("{0} -> {1}", title, base.ToString());
    }
}

// Manager is a serializable and ISerializable class derived from Employee.
[Serializable]
public class Manager : Employee, ISerializable
{
    private String title;

    public Manager() : base("Employee")
    {
        this.title = "Manager";
    }

    [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
    public void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        // Serialize the desired values for this class.
        info.AddValue("title", title);
        // Get the set of serializable members for the class and base classes.
        Type thisType = this.GetType();
        MemberInfo[] mi = FormatterServices.GetSerializableMembers(thisType, context);
        // Serialize the base class's fields to the info object.
        for (Int32 i = 0; i < mi.Length; i++)
        {
            // Do not serialize fields for this class.
            if (mi[i].DeclaringType == thisType) continue;
            // Skip this field if it is marked NonSerialized.
            if (Attribute.IsDefined(mi[i], typeof(NonSerializedAttribute))) continue;
            // Get the value of this field and add it to the SerializationInfo object.
            info.AddValue(mi[i].Name, ((FieldInfo) mi[i]).GetValue(this));
        }
        // Call the method below to see the contents of the SerializationInfo object.
        DisplaySerializationInfo(info);
    }

    private void DisplaySerializationInfo(SerializationInfo info)
    {
        SerializationInfoEnumerator e = info.GetEnumerator();
        Console.WriteLine("Values in the SerializationInfo:");
        while (e.MoveNext())
        {
            Console.WriteLine("Name={0}, ObjectType={1}, Value={2}", e.Name, e.ObjectType, e.Value);
        }
    }

    [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.SerializationFormatter)]
    protected Manager(SerializationInfo info, StreamingContext context) : base(null)
    {
        // Get the set of serializable members for the class and base classes.
        Type thisType = this.GetType();
        MemberInfo[] mi = FormatterServices.GetSerializableMembers(thisType, context);
        // Deserialize the base class's fields from the info object.
        for (Int32 i = 0; i < mi.Length; i++)
        {
            // Do not deserialize fields for this class.
            if (mi[i].DeclaringType == thisType) continue;
            // For easier coding, treat the member as a FieldInfo object
            FieldInfo fi = (FieldInfo) mi[i];
            // Skip this field if it is marked NonSerialized.
            if (Attribute.IsDefined(mi[i], typeof(NonSerializedAttribute))) continue;
            // Get the value of this field from the SerializationInfo object.
            fi.SetValue(this, info.GetValue(fi.Name, fi.FieldType));
        }
        // Deserialize the values that were serialized for this class.
        title = info.GetString("title");
    }

    public override String ToString()
    {
        return String.Format("{0} -> {1}", title, base.ToString());
    }
}

public sealed class App
{
    public static void Main()
    {
        Run();
    }

    public static void Run()
    {
        using (Stream stream = new MemoryStream())
        {
            IFormatter formatter = new BinaryFormatter();
            Manager m = new Manager();
            Console.WriteLine(m.ToString());
            formatter.Serialize(stream, m);
            stream.Position = 0;
            m = (Manager) formatter.Deserialize(stream);
            Console.WriteLine(m.ToString());
        }
    }
}
// This code produces the following output.
//
// Manager -> Employee -> Person
// Values in the SerializationInfo:
// Name=title, ObjectType=System.String, Value=Manager
// Name=Employee+title, ObjectType=System.String, Value=Employee
// Name=Person+title, ObjectType=System.String, Value=Person
// Manager -> Employee -> Person
```
```cpp
using namespace System;
using namespace System::IO;
using namespace System::Runtime::Serialization;
using namespace System::Runtime::Serialization::Formatters;
using namespace System::Runtime::Serialization::Formatters::Binary;
using namespace System::Reflection;
using namespace System::Security::Permissions;

// Person is a serializable base class.
[Serializable]
public ref class Person
{
private:
    String^ title;

public:
    Person(String^ title)
    {
        this->title = title;
    }

public:
    virtual String^ ToString() override
    {
        return String::Format("{0}", title);
    }
};

// Employee is a serializable class derived from Person.
[Serializable]
public ref class Employee : public Person
{
private:
    String^ title;

public:
    Employee(String^ title) : Person("Person")
    {
        this->title = title;
    }

public:
    virtual String^ ToString() override
    {
        return String::Format("{0} -> {1}", title, Person::ToString());
    }
};

// Manager is a serializable and ISerializable class derived from Employee.
[Serializable]
ref class Manager : public Employee, public ISerializable
{
private:
    String^ title;

public:
    Manager() : Employee("Employee")
    {
        this->title = "Manager";
    }

public:
    [SecurityPermission(SecurityAction::Demand, SerializationFormatter = true)]
    virtual void GetObjectData(SerializationInfo^ info, StreamingContext context)
    {
        // Serialize the desired values for this class.
        info->AddValue("title", title);
        // Get the set of serializable members for the class and base classes.
        Type^ thisType = this->GetType();
        array<MemberInfo^>^ serializableMembers =
            FormatterServices::GetSerializableMembers(thisType, context);
        // Serialize the base class's fields to the info object.
        for each (MemberInfo^ serializableMember in serializableMembers)
        {
            // Do not serialize fields for this class.
            if (serializableMember->DeclaringType != thisType)
            {
                // Skip this field if it is marked NonSerialized.
                if (!(Attribute::IsDefined(serializableMember,
                    NonSerializedAttribute::typeid)))
                {
                    // Get the value of this field and add it to the
                    // SerializationInfo object.
                    info->AddValue(serializableMember->Name,
                        ((FieldInfo^)serializableMember)->GetValue(this));
                }
            }
        }
        // Call the method below to see the contents of the
        // SerializationInfo object.
        DisplaySerializationInfo(info);
    }

private:
    static void DisplaySerializationInfo(SerializationInfo^ info)
    {
        Console::WriteLine("Values in the SerializationInfo:");
        for each (SerializationEntry^ infoEntry in info)
        {
            Console::WriteLine("Name={0}, ObjectType={1}, Value={2}",
                infoEntry->Name, infoEntry->ObjectType, infoEntry->Value);
        }
    }

protected:
    Manager(SerializationInfo^ info,
        StreamingContext context) : Employee(nullptr)
    {
        // Get the set of serializable members for the class and base classes.
        Type^ thisType = this->GetType();
        array<MemberInfo^>^ serializableMembers =
            FormatterServices::GetSerializableMembers(thisType, context);
        // Deserialize the base class's fields from the info object.
        for each (MemberInfo^ serializableMember in serializableMembers)
        {
            // Do not deserialize fields for this class.
            if (serializableMember->DeclaringType != thisType)
            {
                // For easier coding, treat the member as a FieldInfo object
                FieldInfo^ fieldInformation = (FieldInfo^)serializableMember;
                // Skip this field if it is marked NonSerialized.
                if (!(Attribute::IsDefined(serializableMember,
                    NonSerializedAttribute::typeid)))
                {
                    // Get the value of this field from the
                    // SerializationInfo object.
                    fieldInformation->SetValue(this,
                        info->GetValue(fieldInformation->Name,
                        fieldInformation->FieldType));
                }
            }
        }
        // Deserialize the values that were serialized for this class.
        title = info->GetString("title");
    }

public:
    virtual String^ ToString() override
    {
        return String::Format("{0} -> {1}", title, Employee::ToString());
    }
};

int main()
{
    Stream^ stream = gcnew MemoryStream();
    IFormatter^ formatter = gcnew BinaryFormatter();
    Manager^ m = gcnew Manager();
    Console::WriteLine(m->ToString());
    formatter->Serialize(stream, m);
    stream->Position = 0;
    m = (Manager^) formatter->Deserialize(stream);
    Console::WriteLine(m->ToString());
}
// This code produces the following output.
//
// Manager -> Employee -> Person
// Values in the SerializationInfo:
// Name=title, ObjectType=System.String, Value=Manager
// Name=Employee+title, ObjectType=System.String, Value=Employee
// Name=Person+title, ObjectType=System.String, Value=Person
// Manager -> Employee -> Person
```
Platforms
Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.
Version Information
.NET Framework
Supported in: 2.0, 1.1
See Also
Reference
FormatterServices Class
FormatterServices Members
System.Runtime.Serialization Namespace