BinaryFormatter.UnsafeDeserialize Method (Stream, HeaderHandler)


Deserializes the specified stream into an object graph. The provided HeaderHandler handles any headers in that stream.

Namespace:   System.Runtime.Serialization.Formatters.Binary
Assembly:  mscorlib (in mscorlib.dll)

public object UnsafeDeserialize(
	Stream serializationStream,
	HeaderHandler handler


Type: System.IO.Stream

The stream from which to deserialize the object graph.

Type: System.Runtime.Remoting.Messaging.HeaderHandler

The HeaderHandler that handles any headers in the serializationStream. Can be null.

Return Value

Type: System.Object

The deserialized object or the top object (root) of the object graph.

Exception Condition

The serializationStream is null.


The serializationStream supports seeking, but its length is 0.


The caller does not have the required permission.

Headers are used only for specific remoting applications.

This method uses SecurityAction.LinkDemand to prevent it from being called from untrusted code; only the immediate caller is required to have SecurityPermissionAttribute.SerializationFormatter permission. Do not use this method if your code can be called from partially trusted code. In partially trusted scenarios, use Deserialize instead. In full trust scenarios, UnsafeDeserialize provides better performance than Deserialize.

For successful deserialization, the current position in the stream must be at the beginning of the object graph.

System_CAPS_security Security Note

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Untrusted Data Security Risks.


To provide serialization services. Associated enumeration: SecurityPermissionFlag.SerializationFormatter.

.NET Framework
Available since 1.1
Return to top
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft