Hey,

Let's say I have a class which contains an internal sensitive structure whose content I don't want to reveal to my user when he receives an object I've serialized, but it is essential that he receive this data (a token...)

In other words, I'm interested in replacing this structure with a serialized-encrypted string, which will be deconverted into the structure when deserializing the class. This behaviour is expected every time the class is used in serialization, therefore I would expect to decorate the class with a certain attribute.

Is there a standard way to do that? I know that JSON.NET has a "JsonConverterAttribute", but I prefer the approach of serializer-agnostic classes (I use DataMemberAttribute), and I don't want JSON.NET as a dependency (or as my sole supported serializer...)

I have tried ignoring the internal structure, and using a string property, that sets and gets the internal structure. It was an adequate solution for deserialization, but I had no passable solution for serialization.

I have also tried to create a generic object something like SerializationTransformationObject<tinternaltype,>. It worked fine, but had some esthetic disadvantages. I'm implementing my own JsonConverter already (currently for deserialization only), and I've considered adding support for the aforementioned type. That way, my JSON serializer solves the problem itself, without creating dependencies in my code.

I also considered compiling JSON.NET myself, and defining an identical attribute in my abstract serialization library.

What would you recommend?

Thanks!

1 solution

Inherit ISerializable and then implement custom serialization. All you need to do then is to encrypt the data using whatever encryption you want. You can then use a private/public key encryption system to deserialize the data on the other side.

That's what I would do anyway.

[Edit]
See this

AES encryption

You can always convert the byte stream to a Base-64 string, then encrypt the string and send it over as plain text, XML, or JSON.
 
Comments
ShacharK 26-Sep-13 10:21am    
I don't see how implementing ISerializable is of any help. I have a custom object that exposes String instead of an object. I need it to be transparent, as if it never existed.

InternalStructureToStringSerializationObject should output a serialized string, and it could be initialized from a string as well.

Instead of: { "Output" : "EncryptedString" }, it should be serialized to "EncryptedString" only.
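
One way to get the behaviour discussed in this thread using only `DataMemberAttribute`, as an added example (not code from the question or the answer): a private string data member seals the structure with AES-GCM, so the recipient can neither read nor alter it undetected. `TokenData`, `Envelope`, `Key`, `Seal` and `Open` are hypothetical names; it assumes .NET Core 3.0 or later (for `AesGcm`) and that only the issuing service holds the key.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Security.Cryptography;

[DataContract]
public class TokenData                 // hypothetical internal structure
{
    [DataMember] public string UserId { get; set; }
    [DataMember] public long ExpiresUnix { get; set; }
}

[DataContract]
public class Envelope                  // hypothetical class handed to the user
{
    // Assumption: 32-byte AES key the host loads from a secret store at startup.
    public static byte[] Key;

    [DataMember] public string Name { get; set; }

    // No [DataMember], so DataContract serializers never emit the structure itself.
    public TokenData Token { get; set; }

    // Private data member: on the wire "Token" is only an opaque Base64 string.
    [DataMember(Name = "Token")]
    private string SealedToken
    {
        get { return Token == null ? null : Seal(Token); }
        set { Token = value == null ? null : Open(value); }
    }

    static string Seal(TokenData t)
    {
        var ms = new MemoryStream();
        new DataContractJsonSerializer(typeof(TokenData)).WriteObject(ms, t);
        // Blob layout: 12-byte nonce | 16-byte tag | ciphertext
        byte[] plain = ms.ToArray(), blob = new byte[28 + plain.Length];
        RandomNumberGenerator.Fill(blob.AsSpan(0, 12));      // fresh nonce per message
        using (var gcm = new AesGcm(Key))
            gcm.Encrypt(blob.AsSpan(0, 12), plain, blob.AsSpan(28), blob.AsSpan(12, 16));
        return Convert.ToBase64String(blob);
    }

    static TokenData Open(string sealedText)
    {
        byte[] blob = Convert.FromBase64String(sealedText);
        if (blob.Length < 28) throw new CryptographicException("Sealed token is too short.");
        byte[] plain = new byte[blob.Length - 28];
        using (var gcm = new AesGcm(Key))                    // throws if the blob was modified
            gcm.Decrypt(blob.AsSpan(0, 12), blob.AsSpan(28), blob.AsSpan(12, 16), plain);
        return (TokenData)new DataContractJsonSerializer(typeof(TokenData)).ReadObject(new MemoryStream(plain));
    }
}
```

The same class works unchanged with `DataContractSerializer` for XML. On .NET 8 and later, use the `AesGcm` constructor that also takes the tag size in bytes, because the single-argument one is marked obsolete.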

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


