Export (0) Print
Expand All

Serialization Guidelines

This document lists the guidelines to consider when designing an API to be serialized.

The .NET Framework offers three main serialization technologies that are optimized for various serialization scenarios. The following table lists these technologies and the main Framework types related to these technologies.

Technology Relevant Classes Notes

Data Contract Serialization

DataContractAttribute

DataMemberAttribute

DataContractSerializer

NetDataContractSerializer

DataContractJsonSerializer

ISerializable

General persistence

Web Services

JSON

XML Serialization

XmlSerializer

XML format with full control

Runtime -Serialization (Binary and SOAP)

SerializableAttribute

ISerializable

BinaryFormatter

SoapFormatter

.NET Remoting

When you design new types, you should decide which, if any, of these technologies those types need to support. The following guidelines describe how to make that choice and how to provide such support. These guidelines are not meant to help you choose which serialization technology you should use in the implementation of your application or library. Such guidelines are not directly related to API design and thus are not within the scope of this topic.

Guidelines

  • DO think about serialization when you design new types.

    Serialization is an important design consideration for any type, because programs might need to persist or transmit instances of the type.

Choosing the Right Serialization Technology to Support

Any given type can support none, one, or more of the serialization technologies.

  • CONSIDER supporting data contract serialization if instances of your type might need to be persisted or used in Web Services.

  • CONSIDER supporting the XML serialization instead of or in addition to data contract serialization if you need more control over the XML format that is produced when the type is serialized.

    This may be necessary in some interoperability scenarios where you need to use an XML construct that is not supported by data contract serialization, for example, to produce XML attributes.

  • CONSIDER supporting runtime serialization if instances of your type need to travel across .NET Remoting boundaries.

  • AVOID supporting runtime serialization or XML serialization just for general persistence reasons. Prefer data contract serialization instead

Supporting Data Contract Serialization

Types can support data contract serialization by applying the DataContractAttribute to the type and the DataMemberAttribute to the members (fields and properties) of the type.

[DataContract]
class Person
{

    [DataMember]
    string LastName { get; set; }
    [DataMember]
    string FirstName { get; set; }

    public Person(string firstNameValue, string lastNameValue)
    {
        FirstName = firstNameValue;
        LastName = lastNameValue;
    }
}


  1. CONSIDER marking data members of your type public if the type can be used in partial trust. In full trust, data contract serializers can serialize and deserialize nonpublic types and members, but only public members can be serialized and deserialized in partial trust.

  2. DO implement a getter and setter on all properties that have Data-MemberAttribute. Data contract serializers require both the getter and the setter for the type to be considered serializable. If the type won’t be used in partial trust, one or both of the property accessors can be nonpublic.

    [DataContract]
    class Person2
    {
    
        string lastName;
        string firstName;
    
        public Person2(string firstName, string lastName)
        {
            this.lastName = lastName;
            this.firstName = firstName;
        }
    
        [DataMember]
        public string LastName
        { 
            // Implement get and set.
            get { return lastName; }
            private set { lastName = value; }
    
        }
    
        [DataMember]
        public string FirstName
        {
            // Implement get and set.
            get { return firstName; }
            private set { firstName = value; }
        }
    }
    
    
  3. CONSIDER using the serialization callbacks for initialization of deserialized instances.

    Constructors are not called when objects are deserialized. Therefore, any logic that executes during normal construction needs to be implemented as one of the serialization callbacks.

    [DataContract]
    class Person3
    {
        [DataMember]
        string lastName;
        [DataMember]
        string firstName;
        string fullName;
    
        public Person3(string firstName, string lastName)
        {
            // This constructor is not called during deserialization.
            this.lastName = lastName;
            this.firstName = firstName;
            fullName = firstName + " " + lastName;
        }
    
        public string FullName
        {
            get { return fullName; }
        }
    
        // This method is called after the object 
        // is completely deserialized. Use it instead of the
        // constructror.
        [OnDeserialized] 
        void OnDeserialized(StreamingContext context)
        {
            fullName = firstName + " " + lastName;
        }
    }
    
    
    The OnDeserializedAttribute attribute is the most commonly used callback attribute. The other attributes in the family are OnDeserializingAttribute, OnSeralizingAttribute, and OnSerializedAttribute. They can be used to mark callbacks that get executed before deserialization, before serialization, and finally, after serialization, respectively.

  4. CONSIDER using the KnownTypeAttribute to indicate concrete types that should be used when deserializing a complex object graph.

    For example, if a type of a deserialized data member is represented by an abstract class, the serializer will need the known type information to decide what concrete type to instantiate and assign to the member. If the known type is not specified using the attribute, it will need to be passed to the serializer explicitly (you can do it by passing known types to the serializer constructor) or it will need to be specified in the configuration file.

    // The KnownTypeAttribute specifies types to be
    // used during serialization.
    [KnownType(typeof(USAddress))]
    [DataContract]
    class Person4
    {
    
        [DataMember]
        string fullNameValue;
        [DataMember]
        Address address; // Address is abstract
    
        public Person4(string fullName, Address address)
        {
            this.fullNameValue = fullName;
            this.address = address;
        }
    
        public string FullName
        {
            get { return fullNameValue; }
        }
    }
    
    [DataContract]
    public abstract class Address
    {
        public abstract string FullAddress { get; }
    }
    
    [DataContract]
    public class USAddress : Address
    {
    
        [DataMember]
        public string Street { get; set; }
        [DataMember]
        public string City { get; set; }
        [DataMember]
        public string State { get; set; }
        [DataMember]
        public string ZipCode { get; set; }
    
        public override string FullAddress
        {
            get
            {
                return Street + "\n" + City + ", " + State + " " + ZipCode;
            }
        }
    }
    
    
    In cases where the list of known types is not known statically (when the Person class is compiled), the KnownTypeAttribute can also point to a method that returns a list of known types at runtime.

  5. DO consider backward and forward compatibility when creating or changing serializable types.

    Keep in mind that serialized streams of future versions of your type can be deserialized into the current version of the type, and vice versa. Make sure you understand that data members, even private and internal, cannot change their names, types, or even their order in future versions of the type unless special care is taken to preserve the contract using explicit parameters to the data contract attributes.Test compatibility of serialization when making changes to serializable types. Try deserializing the new version into an old version, and vice versa.

  6. CONSIDER implementing IExtensibleDataObject interface to allow round-tripping between different versions of the type.

    The interface allows the serializer to ensure that no data is lost during round-tripping. The ExtensionData property stores any data from the future version of the type that is unknown to the current version. When the current version is subsequently serialized and deserialized into a future version, the additional data will be available in the serialized stream through the ExtensionData property value.

    // Implement the IExtensibleDataObject interface.
    [DataContract]
    class Person5 : IExtensibleDataObject
    {
        ExtensionDataObject serializationData;
        [DataMember]
        string fullNameValue;
    
        public Person5(string fullName)
        {
            this.fullNameValue = fullName;
        }
    
        public string FullName
        {
            get { return fullNameValue; }
        }
                
        ExtensionDataObject IExtensibleDataObject.ExtensionData
        {
            get 
            {                 
                return serializationData; 
            }
            set { serializationData = value; }
        }
    }
    
    
    For more information, see Forward-Compatible Data Contracts.

Supporting XML Serialization

Data contract serialization is the main (default) serialization technology in the .NET Framework, but there are serialization scenarios that data contract serialization does not support. For example, it does not give you full control over the shape of XML produced or consumed by the serializer. If such fine control is required, XML serialization has to be used, and you need to design your types to support this serialization technology.

  1. AVOID designing your types specifically for XML Serialization, unless you have a very strong reason to control the shape of the XML produced. This serialization technology has been superseded by the Data Contract Serialization discussed in the previous section.

    In other words, don’t apply attributes from the System.Runtime.Serialization namespace to new types, unless you know that the type will be used with XML Serialization. The following example shows how System.Xml.Serialization can be used to control the shape of the XML -produced.

    public class Address2
    {
        [System.Xml.Serialization.XmlAttribute] // Serialize as XML attribute, instead of an element.
        public string Name { get { return "Poe, Toni"; } set { } }
        [System.Xml.Serialization.XmlElement(ElementName = "StreetLine")] // Explicitly name the element.
        public string Street = "1 Main Street";        
    }
    
    
  2. CONSIDER implementing the IXmlSerializable interface if you want even more control over the shape of the serialized XML than what’s offered by applying the XML Serialization attributes. Two methods of the interface, ReadXmland WriteXml, allow you to fully control the serialized XML stream. You can also control the XML schema that gets generated for the type by applying the XmlSchemaProviderAttribute attribute.

Supporting Runtime Serialization

Runtime serialization is a technology used by .NET Remoting. If you think your types will be transported using .NET Remoting, you need to make sure they support runtime serialization.

The basic support for runtime serialization can be provided by applying the SerializableAttribute attribute, and more advanced scenarios involve implementing a simple runtime serializable pattern (implement -ISerializable and provide a serialization constructor).

  1. CONSIDER supporting runtime serialization if your types will be used with .NET Remoting. For example, the System.AddIn namespace uses .NET Remoting, and so all types exchanged between System.AddIn add-ins need to support runtime serialization.

    // Apply SerializableAttribute to support runtime serialization.
    [Serializable]
    public class Person6 
    {
        // Code not shown.
    }
    
    
  2. CONSIDER implementing the runtime serializable pattern if you want complete control over the serialization process. For example, if you want to transform data as it gets serialized or deserialized.

    The pattern is very simple. All you need to do is implement the ISerializable interface and provide a special constructor that is used when the object is deserialized.

    // Implement the ISerializable interface for more control.
    [Serializable]
    public class Person_Runtime_Serializable : ISerializable
    {
        string fullName;
    
        public Person_Runtime_Serializable() { }
        protected Person_Runtime_Serializable(SerializationInfo info, StreamingContext context){
            if (info == null) throw new System.ArgumentNullException("info");
            fullName = (string)info.GetValue("name", typeof(string));
        }
        [SecurityPermission(SecurityAction.LinkDemand,
        Flags = SecurityPermissionFlag.SerializationFormatter)]
        void ISerializable.GetObjectData(SerializationInfo info,
                StreamingContext context) {
            if (info == null) throw new System.ArgumentNullException("info");
            info.AddValue("name", fullName);
        }
    
        public string FullName
        {
            get { return fullName; }
            set { fullName = value; }
        }
    }
    
    
  3. DO make the serialization constructor protected and provide two parameters typed and named exactly as shown in the sample here.

    protected Person_Runtime_Serializable(SerializationInfo info, StreamingContext context){
    
    
  4. DO implement the ISerializable members explicitly.

    void ISerializable.GetObjectData(SerializationInfo info,
            StreamingContext context) {
    
    
  5. DO apply a link demand to ISerializable.GetObjectData implementation. This ensures that only fully trusted core and the runtime serializer have access to the member.

    [SecurityPermission(SecurityAction.LinkDemand,
    Flags = SecurityPermissionFlag.SerializationFormatter)]
    
    

See Also

Community Additions

ADD
Show:
© 2014 Microsoft