Edit

Share via


System.Runtime.Serialization.DataContractSerializer class

This article provides supplementary remarks to the reference documentation for this API.

Use the DataContractSerializer class to serialize and deserialize instances of a type into an XML stream or document. For example, you can create a type named Person with properties that contain essential data, such as a name and address. You can then create and manipulate an instance of the Person class and write all of its property values in an XML document for later retrieval, or in an XML stream for immediate transport. Most important, the DataContractSerializer is used to serialize and deserialize data sent in Windows Communication Foundation (WCF) messages. Apply the DataContractAttribute attribute to classes, and the DataMemberAttribute attribute to class members to specify properties and fields that are serialized.

For a list of types that can be serialized, see Types Supported by the Data Contract Serializer.

To use the DataContractSerializer, first create an instance of a class and an object appropriate to writing or reading the format; for example, an instance of the XmlDictionaryWriter. Then call the WriteObject method to persist the data. To retrieve data, create an object appropriate to reading the data format (such as an XmlDictionaryReader for an XML document) and call the ReadObject method.

For more information about using the DataContractSerializer, see Serialization and Deserialization.

You can set the type of a data contract serializer using the <dataContractSerializer> element in a client application configuration file.

Prepare classes for serialization or deserialization

The DataContractSerializer is used in combination with the DataContractAttribute and DataMemberAttribute classes. To prepare a class for serialization, apply the DataContractAttribute to the class. For each member of the class that returns data that you want to serialize, apply the DataMemberAttribute. You can serialize fields and properties, regardless of accessibility: private, protected, internal, protected internal, or public.

For example, your schema specifies a Customer with an ID property, but you already have an existing application that uses a type named Person with a Name property. To create a type that conforms to the contract, first apply the DataContractAttribute to the class. Then apply the DataMemberAttribute to every field or property that you want to serialize.

Note

You can apply the DataMemberAttribute to both private and public members.

The final format of the XML need not be text. Instead, the DataContractSerializer writes the data as an XML infoset, which allows you to write the data to any format recognized by the XmlReader and XmlWriter. It is recommended that you use the XmlDictionaryReader and XmlDictionaryWriter classes to read and write, because both are optimized to work with the DataContractSerializer.

If you are creating a class that has fields or properties that must be populated before the serialization or deserialization occurs, use callback attributes, as described in Version-Tolerant Serialization Callbacks.

Add to the collection of known types

When serializing or deserializing an object, it is required that the type is "known" to the DataContractSerializer. Begin by creating an instance of a class that implements IEnumerable<T> (such as List<T>) and adding the known types to the collection. Then create an instance of the DataContractSerializer using one of the overloads that takes the IEnumerable<T> (for example, DataContractSerializer(Type, IEnumerable<Type>)).

Note

Unlike other primitive types, the DateTimeOffset structure is not a known type by default, so it must be manually added to the list of known types (see Data Contract Known Types).

Forward compatibility

The DataContractSerializer understands data contracts that have been designed to be compatible with future versions of the contract. Such types implement the IExtensibleDataObject interface. The interface features the ExtensionData property that returns an ExtensionDataObject object. For more information, see Forward-Compatible Data Contracts.

Run under partial trust

When instantiating the target object during deserialization, the DataContractSerializer does not call the constructor of the target object. If you author a [DataContract] type that is accessible from partial trust (that is, it is public and in an assembly that has the AllowPartiallyTrustedCallers attribute applied) and that performs some security-related actions, you must be aware that the constructor is not called. In particular, the following techniques do not work:

  • If you try to restrict partial trust access by making the constructor internal or private, or by adding a LinkDemand to the constructor -- neither of these have any effect during deserialization under partial trust.
  • If you code the class that assumes the constructor has run, the class may get into an invalid internal state that is exploitable.