Questions tagged [binaryformatter]

`BinaryFormatter` is an insecure serializer built into the .NET Framework that has been disabled by default in ASP.NET web apps since .NET 5.0. Microsoft advises against its use and is in the process of removing it. It serializes fields regardless of their visibility into an unspecified binary format. It supports polymorphism and cyclic object graphs.

According to the class's documentation page:

BinaryFormatter is insecure and can't be made secure. For more information, see the BinaryFormatter security guide.

BinaryFormatter serialization methods are obsolete and prohibited in ASP.NET apps.

An open-source, cross-platform alternative is Protocol Buffers. In .NET, Protocol Buffers are supported through the gRPC tooling or libraries like protobuf-net.

363 questions
35 votes, 6 answers

C# Object Binary Serialization

I want to make a binary serialize of an object and the result to save it in a database. Person person = new Person(); person.Name = "something"; MemoryStream memorystream = new MemoryStream(); BinaryFormatter bf = new…
Emanuel
28 votes, 5 answers

Binary Deserialization with different assembly version

I have a project which uses BinaryFormatter to serialize a collection of structs with string and bool? datatypes. The serialization/deserialization works fine, however if I were to change the assembly which does the work it fails to deserialize…
Matthew Savage
24 votes, 2 answers

BinaryFormatter and Deserialization Complex objects

Cannot deserialize the following object graph. That exception occurs when the Deserialize method is called on BinaryFormatter: System.Runtime.Serialization.SerializationException : The constructor to deserialize an object of type 'C' was not found. There're…
jack-london
24 votes, 1 answer

.Net Where to find the official specification of the BinaryFormatter serialization format?

I'd like to know what the serialization format of the BinaryFormatter is. I found this site which gives some good information, but it was obtained by reverse engineering and it is not complete. Where can I find the official specification of the…
Jeff Cyr
21 votes, 6 answers

Is there a high performance way to replace the BinaryFormatter in .NET5?

Before .NET5 we serialized/deserialized the Bytes/Object with this code: private static byte[] StructToBytes(T t) { using (var ms = new MemoryStream()) { var bf = new BinaryFormatter(); …
Fair
21 votes, 5 answers

How to get BinaryFormatter to deserialize in a different application

I am using BinaryFormatter to serialize an array of class instances to a file. I can deserialize this fine within the same application. When I try the same deserialization in a different application (that pulls in a common file that does the work)…
Sam Mackrill
17 votes, 3 answers

BinaryFormatter alternatives

A BinaryFormatter-serialized array of 128³ doubles takes up 50 MB of space. Serializing an array of 128³ structs with two double fields takes up 150 MB and over 20 seconds to process. Are there fast simple alternatives that would generate compact…
Don Reba
16 votes, 1 answer

How do I ignore event subscribers when serializing an object?

When the following class is serialized with a BinaryFormatter, any objects subscribing to the Roar event will also be serialized, since references to those objects are held by the EventHandler delegate. [Serializable] public class Lion { public…
xyz
13 votes, 3 answers

Why is BinaryFormatter trying to serialize an Event on a Serializable class?

I have a simple class that is marked as Serializable, and it happens to have an event. I tried to mark the event member as NonSerialized, however the compiler complains. Yet when I go to serialize the class instance, the BinaryFormatter throws an…
Rhubarb
13 votes, 6 answers

BinaryFormatter deserialize gives SerializationException

I'm getting an: System.Runtime.Serialization.SerializationException: Unable to find assembly 'myNameSpace, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null When trying to deserialize some data in another program than the program I…
Toad
12 votes, 4 answers

SerializationBinder with List

I'm trying to make the BinaryFormatter work across different versions of my assembly. The actual class I want to deserialize to is exactly the same in each assembly version, but on deserialization, because the objects are serialized include the…
dan
11 votes, 1 answer

OnSerializing/OnSerialized methods not always called

Here is a structure I serialize in my project: [Serializable] class A : List //root object being serialized [Serializable] class B + [A few serializable fields] + C customList [Serializable] class C : List [Serializable] class D +…
Spencer Hakim
10 votes, 3 answers

Serialization and Obfuscation in .NET

I have a binary that I want to obfuscate and hand out to users. Let us assume I use an unobfuscated version of my binary to serialize data using the off-the-shelf .NET binary formatter. Could we then deserialize the data with the obfuscated…
user982815
10 votes, 3 answers

Backwards compatibility in .NET with BinaryFormatter

We use BinaryFormatter in a C# game, to save user game progress, game levels, etc. We are running into the problem of backwards compatibility. The aims: Level designer creates campaign (levels&rules), we change the code, the campaign should still…
Stefan Monov
9 votes, 3 answers

Performance: BinaryFormatter vs. XmlSerializer

I read very often that the BinaryFormatter has better performance than XmlSerializer. Out of curiosity, I wrote a test-app. a wtf moment... why is Xml so much faster than Bin (especially the deserialization)? using System; using…
Lukas