Menu
The error I'm getting is:
Type 'OrgPermission' in Assembly 'App_Code.ptjvczom, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' is not marked as serializable. here is my code:
I have a gridview, that uses the following DataSource:
<asp:ObjectDataSource ID="ObjectDataSource1" runat="server" SelectMethod="GetOrgList" TypeName="Org"> <SelectParameters> <asp:SessionParameter Name="orgCodes" SessionField="UserOrgs" Type="Object" /> <asp:Parameter DefaultValue="Y" Name="active" Type="String" /> </SelectParameters> </asp:ObjectDataSource> I set the session variable in my page load like so:
User cUser = new User(userid); //make sure the user is an Admin List<OrgPermission> orgs = new List<OrgPermission>(); foreach(OrgPermission org in cUser.orgs) { if (org.type=='admin') { orgs.Add(org); } } Session["UserOrgs"] = orgs; My user class looks like this:
public class OrgPermission { public string Org { get; set; } public List<string> type { get; set; } public OrgPermission() { } } public class cUser { public string userid { get; set; } public List<OrgPermission> orgs { get; set; } public clsUser(string username) { //i set everything here } } I can't understand why it's breaking, can I use it without making it serializable?
I tried to debug, and the session variable sets just fine, it then goes into the GetOrgList and returned correct results, but the page does not load and I get the error above.
Here is a snippet of my GetOrgList function:
public DataTable GetOrgList(List<OrgPermission> orgCodes, string active) { string orgList = null; //code to set OrgList using the parameter is here. DataSet ds = new DataSet(); SqlConnection conn = new SqlConnection(cCon.getConn()); SqlCommand cmd = new SqlCommand("sp_GetOrgList", conn); cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.Add(new SqlParameter("@orgList", orgList)); cmd.Parameters.Add(new SqlParameter("@active", active)); conn.Open(); SqlDataAdapter sqlDA = new SqlDataAdapter(); sqlDA.SelectCommand = cmd; sqlDA.Fill(ds); conn.Close(); return ds.Tables[0]; } 
562
The easiest way to make a class serializable is to mark it with the SerializableAttribute as follows. The following code example shows how an instance of this class can be serialized to a file. MyObject obj = new MyObject(); obj. n1 = 1; obj.
Serialization is the process of converting an object into a stream of bytes to store the object or transmit it to memory, a database, or a file. Its main purpose is to save the state of an object in order to be able to recreate it when needed.
Serialization allows the developer to save the state of an object and recreate it as needed, providing storage of objects as well as data exchange.
There are three types of serialization in . Net : Binary Serialization, SOAP Serialization and XML Serialization. Binary serialization is the process where you convert your . NET objects into byte stream.
You need to add a Serializable attribute to the class which you want to serialize.
[Serializable] public class OrgPermission If you store an object in session state, that object must be serializable.
http://www.hpenterprisesecurity.com/vulncat/en/vulncat/dotnet/asp_dotnet_bad_practices_non_serializable_object_stored_in_session.html
edit:
In order for the session to be serialized correctly, all objects the application stores as session attributes must declare the [Serializable] attribute. Additionally, if the object requires custom serialization methods, it must also implement the ISerializable interface.
https://vulncat.hpefod.com/en/detail?id=desc.structural.dotnet.asp_dotnet_bad_practices_non_serializable_object_stored_in_session#C%23%2fVB.NET%2fASP.NET
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
