Export (0) Print
Expand All

TypeFilterLevel Enumeration

Specifies the level of automatic deserialization for .NET Framework remoting.

Namespace:  System.Runtime.Serialization.Formatters
Assembly:  mscorlib (in mscorlib.dll)

public enum TypeFilterLevel

Member nameDescription
FullThe full deserialization level for .NET Framework remoting. It supports all types that remoting supports in all situations.
LowThe low deserialization level for .NET Framework remoting. It supports types associated with basic remoting functionality.

.NET Framework remoting provides two levels of automatic deserialization, Low and Full. The Low deserialization level helps protect against deserialization attacks by deserializing only the types associated with the most basic remoting functionality. The Full deserialization level supports automatic deserialization of all types that remoting supports in all situations. For a list of the .NET Framework remoting types that Low and Full support, see [<topic://cpconAutomaticDeserializationInNETRemoting>].

You can set the members of this enumeration programmatically or by using an application configuration file. For examples, see [<topic://cpconAutomaticDeserializationInNETRemoting>].

Caution noteCaution

Do not assume that controlling deserialization is the only security your application requires. In distributed applications, even a high degree of control over serialization might not prevent malicious clients from intercepting the communication and using it in some way, even if that is merely showing data to others. Therefore, although the Low deserialization level provides some protection against certain types of attack based upon automatic deserialization, you must still evaluate whether to use authentication and encryption to help protect the confidentiality of your data.

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0, 1.1

.NET Framework Client Profile

Supported in: 4, 3.5 SP1
© 2015 Microsoft