BinaryFormatter.Deserialize Method

Definition

Deserializes a stream into an object graph.

Overloads

Deserialize(Stream)
Obsolete.

Deserializes the specified stream into an object graph.

Deserialize(Stream, HeaderHandler)

Deserializes the specified stream into an object graph. The provided HeaderHandler handles any headers in that stream.

Remarks

Important

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.

Deserialize(Stream)

Caution

BinaryFormatter serialization is obsolete and should not be used. See https://aka.ms/binaryformatter for more information.

Deserializes the specified stream into an object graph.

public:
 virtual System::Object ^ Deserialize(System::IO::Stream ^ serializationStream);
[System.Obsolete("BinaryFormatter serialization is obsolete and should not be used. See https://aka.ms/binaryformatter for more information.", DiagnosticId="SYSLIB0011", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public object Deserialize (System.IO.Stream serializationStream);
public object Deserialize (System.IO.Stream serializationStream);
[<System.Obsolete("BinaryFormatter serialization is obsolete and should not be used. See https://aka.ms/binaryformatter for more information.", DiagnosticId="SYSLIB0011", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
abstract member Deserialize : System.IO.Stream -> obj
override this.Deserialize : System.IO.Stream -> obj
abstract member Deserialize : System.IO.Stream -> obj
override this.Deserialize : System.IO.Stream -> obj
Public Function Deserialize (serializationStream As Stream) As Object

Parameters

serializationStream
Stream

The stream from which to deserialize the object graph.

Returns

The top (root) of the object graph.

Implements

Attributes

Exceptions

The serializationStream is null.

The serializationStream supports seeking, but its length is 0.

-or-

The input stream does not represent a well-formed BinaryFormatter serialized payload.

-or-

An error occurred while deserializing an object from the input stream.

The InnerException property may contain more information about the root cause.

The caller does not have the required permission.

ASP.NET Core 5 and later: Always thrown unless BinaryFormatter functionality is re-enabled in the project file. For more information, see Resolving BinaryFormatter obsoletion and disablement errors.

Remarks

Warning

BinaryFormatter is insecure and can't be made secure. For more information, see the BinaryFormatter security guide.

For successful deserialization, the current position in the stream must be at the beginning of the object graph.

Important

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.

Applies to

Deserialize(Stream, HeaderHandler)

Deserializes the specified stream into an object graph. The provided HeaderHandler handles any headers in that stream.

public:
 virtual System::Object ^ Deserialize(System::IO::Stream ^ serializationStream, System::Runtime::Remoting::Messaging::HeaderHandler ^ handler);
public object Deserialize (System.IO.Stream serializationStream, System.Runtime.Remoting.Messaging.HeaderHandler handler);
abstract member Deserialize : System.IO.Stream * System.Runtime.Remoting.Messaging.HeaderHandler -> obj
override this.Deserialize : System.IO.Stream * System.Runtime.Remoting.Messaging.HeaderHandler -> obj
Public Function Deserialize (serializationStream As Stream, handler As HeaderHandler) As Object

Parameters

serializationStream
Stream

The stream from which to deserialize the object graph.

handler
HeaderHandler

The HeaderHandler that handles any headers in the serializationStream. Can be null.

Returns

The deserialized object or the top object (root) of the object graph.

Implements

Exceptions

The serializationStream is null.

The serializationStream supports seeking, but its length is 0.

-or-

The target type is a Decimal, but the value is out of range of the Decimal type.

The caller does not have the required permission.

Remarks

Warning

BinaryFormatter is insecure and can't be made secure. For more information, see the BinaryFormatter security guide.

Headers are used only for specific remoting applications.

For deserialization to succeed, the current position in the stream must be at the beginning of the object graph.

Important

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.

Applies to