

Selective Serialization 

A class often contains fields that should not be serialized. For example, assume a class stores a thread ID in a member variable. When the class is deserialized, the thread whose ID was stored when the class was serialized might no longer be running, so serializing this value does not make sense. You can prevent member variables from being serialized by marking them with the NonSerialized attribute as follows.

using System;

[Serializable]
public class MyObject
{
  public int n1;
  // Excluded from serialization; holds the default value (0) after deserialization.
  [NonSerialized] public int n2;
  public String str;
}

If possible, make an object that could contain security-sensitive data nonserializable. If the object must be serialized, apply the NonSerialized attribute to specific fields that store sensitive data. If you do not exclude these fields from serialization, be aware that the data they store will be exposed to any code that has permission to serialize. For more information about writing secure serialization code, see Security and Serialization.
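The following is an added example, not code from the original page, showing how to confirm that a sensitive field stays out of the serialized stream and how to restore process-specific state afterwards. The names Session, AuthToken, Restore and Demo are hypothetical, the token is a constructed sample value, and the code assumes the .NET Framework, where BinaryFormatter is available.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text;

[Serializable]
public class Session   // hypothetical class, not from the original page
{
    public string User;
    [NonSerialized] public string AuthToken;   // sensitive: excluded from the stream
    [NonSerialized] public int ThreadId;       // meaningless after deserialization

    // Runs after deserialization. Excluded fields arrive as default values
    // (null or 0), so rebuild anything that depends on the current process.
    [OnDeserialized]
    private void Restore(StreamingContext context)
    {
        ThreadId = Environment.CurrentManagedThreadId;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Audit: list the fields the formatter will actually write.
        string[] written = FormatterServices.GetSerializableMembers(typeof(Session))
                                            .Select(m => m.Name).ToArray();
        Console.WriteLine("Serialized fields: " + string.Join(", ", written));

        const string token = "constructed-sample-token";   // constructed sample value
        var original = new Session { User = "alice", AuthToken = token, ThreadId = 7 };

        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream())
        {
            formatter.Serialize(stream, original);

            // Check the raw bytes: the token must not appear in the stream.
            string raw = Encoding.UTF8.GetString(stream.ToArray());
            Console.WriteLine("Token in stream: " + raw.Contains(token));

            // Round trip: only deserialize streams this code produced itself.
            stream.Position = 0;
            var copy = (Session)formatter.Deserialize(stream);
            Console.WriteLine("User=" + copy.User + ", AuthToken is null: " + (copy.AuthToken == null));
        }
    }
}
```

Removing the NonSerialized attribute from AuthToken and rerunning makes the field appear in the audit list and the token appear in the raw stream, which is the exposure the paragraph above describes.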

See Also

Concepts

Security and Serialization

Other Resources

Binary Serialization
.NET Remoting
XML and SOAP Serialization