What is the alternative in .NET Core/.NET 6 to serialize/deserialize "IntPtr", because BinaryFormatter is obsolete and is vulnerable and not secure at all

Bikramjeeth Garevaul 1 Reputation point
2022-08-14T10:17:37.943+00:00

Hi,

I have this previous .NET Framework 4.8 code to serialize/deserialize an IntPtr. But it uses BinaryFormatter, which is obsolete and is supposed to be highly insecure and vulnerable. So what is the alternative way to achieve this in .NET 6?

Regards
Bikramjeeth Garevaul

My current code is:

Usage>>>

  string packedString = Pack(someReferenceObject1);
  IntPtr intPtr1 = Unpack(packedString);   // Unpack already returns IntPtr; no cast needed

Actual Usage Scenario>>>

This is what it is eventually being used for:

        // $$ For example we take this object.
        SqlConnection con = new SqlConnection();

        // $$ Converting the IntPtr of the handle of the object to a string.
        GCHandle handle = GCHandle.Alloc(con, GCHandleType.Normal);
        IntPtr ip = GCHandle.ToIntPtr(handle);
        string ipString = Pack(ip);

        // $$ Converting the object back from the IntPtr string.
        GCHandle handle2 = GCHandle.FromIntPtr(Unpack(ipString));
        SqlConnection con2 = (handle2.Target as SqlConnection);

        // $$ handle and handle2 are the same GCHandle. Free it once, when the object
        // $$ no longer has to be kept alive; otherwise it is never collected.
        handle2.Free();

Methods>>>

    using System;
    using System.IO;
    using System.IO.Compression;
    using System.Runtime.Serialization.Formatters.Binary;

    // Original approach: BinaryFormatter -> Deflate -> Base64.
    // BinaryFormatter is obsolete (SYSLIB0011) on .NET 5 and later, and
    // Deserialize on input you did not produce yourself is a code-execution risk.
    public static string Pack(object obj)
    {
        if (obj == null) throw new ArgumentNullException(nameof(obj));

        using (MemoryStream input = new MemoryStream())
        {
            BinaryFormatter binaryFormatter = new BinaryFormatter();
            binaryFormatter.Serialize(input, obj);
            input.Seek(0, SeekOrigin.Begin);

            using (MemoryStream output = new MemoryStream())
            {
                // The DeflateStream must be disposed before output is read,
                // otherwise the final compressed block has not been flushed.
                using (DeflateStream deflateStream = new DeflateStream(output, CompressionMode.Compress, leaveOpen: true))
                {
                    input.CopyTo(deflateStream);
                }

                return Convert.ToBase64String(output.ToArray());
            }
        }
    }

    public static IntPtr Unpack(string packedString)
    {
        if (packedString == null) throw new ArgumentNullException(nameof(packedString));

        using (MemoryStream input = new MemoryStream(Convert.FromBase64String(packedString)))
        using (DeflateStream deflateStream = new DeflateStream(input, CompressionMode.Decompress))
        using (MemoryStream output = new MemoryStream())
        {
            deflateStream.CopyTo(output);
            output.Seek(0, SeekOrigin.Begin);

            // Deserialize resolves and instantiates whatever type the payload names;
            // the cast to IntPtr only happens afterwards, so it is not a safeguard.
            BinaryFormatter binaryFormatter = new BinaryFormatter();
            return (IntPtr)binaryFormatter.Deserialize(output);
        }
    }

===== Extra=====

Also, if I try XmlSerializer instead of the BinaryFormatter.Serialize() and BinaryFormatter.Deserialize() lines, like:

In Pack:

               XmlSerializer xmlSerializer = new XmlSerializer(typeof(IntPtr));
               xmlSerializer.Serialize(input, obj);

In Unpack:

                XmlSerializer xmlSerializer = new XmlSerializer(typeof(IntPtr));
                IntPtr message = (IntPtr)xmlSerializer.Deserialize(output);

then it gives me an error:

"System.IntPtr is an unsupported type. Please use [XmlIgnore] attribute to exclude members of this type from serialization graph."

1 answer

  1. Viorel 114.7K Reputation points
    2022-08-17T08:23:53.257+00:00

    Try this alternative:

    using System.Globalization;

    IntPtr intptr = . . .

    // serialization: the pointer value as invariant decimal text
    string s = intptr.ToString( CultureInfo.InvariantCulture );

    // deserialization: parse the text back; no type information is ever deserialized
    IntPtr intptr2 = IntPtr.Parse( s, CultureInfo.InvariantCulture );
    
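As an added example (not part of the question or of Viorel's answer), here is the Pack/Unpack pair from the question rewritten for .NET 6 without BinaryFormatter, following the answer's idea of carrying the pointer as plain integer text, plus the check a practitioner would want around the GCHandle round-trip: GCHandle.FromIntPtr cannot tell a valid handle from an arbitrary number, so Unpack only accepts values this process has issued. The HandlePacker class, the Issued registry and the Session class are assumptions of this example; SqlConnection from the question is replaced by a plain class so the code runs without a database package.

```csharp
using System;
using System.Collections.Concurrent;
using System.Globalization;
using System.Runtime.InteropServices;

public static class HandlePacker
{
    // Registry of handle values this process has handed out (assumption of this
    // example): TryUnpack rejects anything not in it, because GCHandle.FromIntPtr
    // cannot validate an arbitrary number by itself.
    private static readonly ConcurrentDictionary<long, byte> Issued =
        new ConcurrentDictionary<long, byte>();

    // Replaces BinaryFormatter + Deflate + Base64: the pointer is carried as its
    // 64-bit value in invariant decimal text. Nothing is type-resolved or
    // instantiated when it is read back.
    public static string Pack(IntPtr ip)
    {
        long value = ip.ToInt64();
        Issued[value] = 0;
        return value.ToString(CultureInfo.InvariantCulture);
    }

    // Strict parse: invariant culture, optional sign only, and the value must be
    // one we issued. Returns false instead of throwing so callers can treat a bad
    // token as ordinary invalid input.
    public static bool TryUnpack(string packed, out IntPtr ip)
    {
        ip = IntPtr.Zero;
        if (packed == null) return false;
        if (!long.TryParse(packed, NumberStyles.AllowLeadingSign,
                           CultureInfo.InvariantCulture, out long value))
            return false;
        if (value == 0 || !Issued.ContainsKey(value))
            return false;
        // A value issued by this process always fits the native pointer size, so
        // new IntPtr(long) cannot overflow here (it would on a 32-bit process for
        // a foreign 64-bit value, which the registry check already excludes).
        ip = new IntPtr(value);
        return true;
    }

    // Takes a strong (Normal) GCHandle on the object and returns its token.
    // The object stays alive until Release is called with that token.
    public static string PackObject(object target)
    {
        GCHandle handle = GCHandle.Alloc(target, GCHandleType.Normal);
        return Pack(GCHandle.ToIntPtr(handle));
    }

    // Resolves a token back to its object without releasing the handle.
    public static T Resolve<T>(string packed) where T : class
    {
        if (!TryUnpack(packed, out IntPtr ip))
            throw new ArgumentException("Token was not issued by this process.", nameof(packed));
        return GCHandle.FromIntPtr(ip).Target as T;
    }

    // Frees the handle and forgets the token; the token is invalid afterwards.
    public static void Release(string packed)
    {
        if (!TryUnpack(packed, out IntPtr ip))
            return;
        Issued.TryRemove(ip.ToInt64(), out _);
        GCHandle.FromIntPtr(ip).Free();
    }
}

public static class Demo
{
    // Stands in for the SqlConnection used in the question (constructed sample).
    public sealed class Session { public string Name = "constructed sample"; }

    public static void Main()
    {
        var session = new Session();
        string token = HandlePacker.PackObject(session);

        Session again = HandlePacker.Resolve<Session>(token);
        Console.WriteLine("same object: " + ReferenceEquals(session, again));

        // An arbitrary number, or a token altered in transit, is refused before
        // GCHandle.FromIntPtr ever sees it.
        Console.WriteLine("foreign value accepted: " + HandlePacker.TryUnpack("140737488355328", out _));

        HandlePacker.Release(token);
        Console.WriteLine("released token accepted: " + HandlePacker.TryUnpack(token, out _));
    }
}
```

Two caveats go with this design. A handle value is process-local: the token means nothing in another process or after a restart, so it cannot be stored or sent anywhere as if it were a reference to the object. And the token carries no confidentiality or integrity of its own; if it crosses a trust boundary, the registry lookup in TryUnpack is the only thing stopping a forged or modified value from reaching GCHandle.FromIntPtr, so it should not be dropped for convenience.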