Breaking Change T1159158

DataAccess Library: Deserialization-related changes

What Changed

BinaryFormatter is no longer supported. Implement a converter to serialize and deserialize objects assigned to the following properties:

Reasons for Change

According to Microsoft, BinaryFormatter is unsafe and should not be used for data processing. For additional information, refer to Microsoft's BinaryFormatter security guide.

Impact on the Existing App

Custom types that use binary serialization will not be (de)serialized to XML.

How to Update the Existing App

You can (de)serialize custom types in one of the following ways:

Implement a Converter

Implement a converter (via the IOneTypeObjectConverter interface) that converts a custom type to/from a string. This converter is invoked automatically whenever our (de)serialization mechanism encounters a registered custom type.

The following example illustrates how to create a simple converter and register it:

C#
using System;
using DevExpress.Utils.Serializing.Helpers;

struct CustomType {
    public readonly int Value;
    public CustomType(int value) {
        this.Value = value;
    }
}

public class CustomTypeConverter : IOneTypeObjectConverter {
    // The type this converter handles.
    public Type Type {
        get { return typeof(CustomType); }
    }
    // Converts a CustomType instance to its string form.
    public string ToString(object obj) {
        return ((CustomType)obj).Value.ToString("D");
    }
    // Restores a CustomType instance from its string form.
    public object FromString(string str) {
        return new CustomType(int.Parse(str));
    }
}

// Register the converter at application startup.
ObjectConverter.Instance.RegisterConverter(new CustomTypeConverter());
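
A converter for a type with more than one field, written so that FromString validates the stored string instead of trusting it. This is an added example, not DevExpress code: PortRange, PortRangeConverter and Startup are hypothetical names, and only IOneTypeObjectConverter and ObjectConverter.Instance.RegisterConverter come from the snippet above.

```csharp
using System;
using System.Globalization;
using DevExpress.Utils.Serializing.Helpers;

// Hypothetical custom type with two fields (not a DevExpress type).
public struct PortRange {
    public readonly int First;
    public readonly int Last;
    public PortRange(int first, int last) {
        if (first < 0 || last > 65535 || first > last)
            throw new ArgumentOutOfRangeException(nameof(first), "Expected 0 <= first <= last <= 65535.");
        First = first;
        Last = last;
    }
}

public class PortRangeConverter : IOneTypeObjectConverter {
    public Type Type { get { return typeof(PortRange); } }

    // Writes "first-last" with invariant-culture digits so the stored value
    // does not depend on the machine's regional settings.
    public string ToString(object obj) {
        PortRange range = (PortRange)obj;
        return range.First.ToString("D", CultureInfo.InvariantCulture) + "-" +
               range.Last.ToString("D", CultureInfo.InvariantCulture);
    }

    // The string is read back from serialized data, so treat it as untrusted:
    // accept exactly two unsigned decimal numbers and nothing else.
    public object FromString(string str) {
        string[] parts = (str ?? string.Empty).Split('-');
        int first, last;
        if (parts.Length != 2 ||
            !int.TryParse(parts[0], NumberStyles.None, CultureInfo.InvariantCulture, out first) ||
            !int.TryParse(parts[1], NumberStyles.None, CultureInfo.InvariantCulture, out last))
            throw new FormatException("PortRange must be stored as \"first-last\".");
        // The constructor enforces the numeric bounds.
        return new PortRange(first, last);
    }
}

public static class Startup {
    // Call once at application startup, before any serialized data is loaded.
    public static void RegisterConverters() {
        ObjectConverter.Instance.RegisterConverter(new PortRangeConverter());
    }
}
```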

Implement a Custom Serializer

The following code snippet illustrates how to create and register a custom serializer:

C#
using Newtonsoft.Json; // JsonConvert (Json.NET)

class CustomClassSerializer : IDataSerializer {
    public static string SerializeObject(object data) {
        return JsonConvert.SerializeObject(data);
    }
    // This sample accepts every value and does not inspect typeName.
    bool IDataSerializer.CanDeserialize(string value, string typeName, object extensionProvider) {
        return true;
    }
    // This sample accepts every object.
    bool IDataSerializer.CanSerialize(object data, object extensionProvider) {
        return true;
    }
    // Always deserializes to the fixed type CustomClass (the application's custom type).
    object IDataSerializer.Deserialize(string value, string typeName, object extensionProvider) {
        return JsonConvert.DeserializeObject<CustomClass>(value);
    }
    string IDataSerializer.Serialize(object data, object extensionProvider) {
        return SerializeObject(data);
    }
}

// Register the serializer at application startup.
SerializationService.RegisterSerializer(DevExpress.DataAccess.Native.DataAccessXmlSerializerSettings.CustomSerializerName, new CustomClassSerializer());

How to Revert to Previous Behavior

The previous behavior is no longer available.
