Serialization

Objects cannot be sent over the network as they are. They need to be serialized into a byte array in order to be transferred. After received, the byte array must be deserialized into an object again. CoreRemoting does all this serialization work for you automatically.

To make our life more exciting, there are different ways to serialize C# objects. And each of these different ways have advantages and disadvantages. The serializers, that implement that different ways of serialization, are not hard coded into CoreRemoting. Serializers are integrated via an adapter component instead. Such an adapter must implement the ISerializerAdapter interface.

CoreRemoting supports the following serializers out of the box:

Serializer	Description	Serializer adapter class
BSON (with JSON.NET)	Serializes almost every type into a Binary JSON stream	BsonSerializerAdapter
BinaryFormatter	Serializes types that are marked [Serializable] or implement ISerializable interface into a byte stream	BinarySerializerAdapter

You can tell CoreRemoting which serializer should be used via configuration (ClientConfig / ServerConfig). Just create an instance of the serializer adapter of your choice and assign it to Serializer property.

Important! Client and server must use the same serializer type in order to understand each others messages.

BSON Serializer

If you don't specify a serializer, BSON serializer is used by default. BSON is a modern serialization format. It's faster and the serialized data is smaller than regular JSON. The fact that it is not human readable and is not supported by web browsers and Javascript interpreters doesn't matter, because CoreRemoting communicates from .NET to .NET and doesn't support Javascript clients. If you write a new application and have no very special requirements BSON serializer should be a good choice in most cases. You can extend the BSON serializer with custom JSON Converters(they work also for BSON) to control how specified types are serialized. Just set your needed JSON Converters at BsonSerializerConfig object and pass this to the BsonSerializerAdapter.

Binary Serializer

The second serializer that is supported out of the box, is the classic BinaryFormatter. It has been around since .NET Framework 1.0 and it's still there in .NET 5. The BinaryFormatter is your friend and should be used, if you have one of the following requirements:

• You're migrating a existing .NET Remoting application to CoreRemoting and want maximum compatibility
• You are using (typed) DataTables / DataSets and want to keep the row versions during serialization (DiffGrams)

The BinarySerializerConfig object can be used to pass custom configuration like TypeFilterLevel to the BinarySerializerAdapter instance.

It is often said, that BinaryFormatter is insecure and should not be used. There are some attack patterns indeed, but CoreRemoting is mitigating most of them. This is done via custom binders and surrogate selectors. Anyway I don't recommend to use BinaryFormatter in applications that are exposed to the internet. Especially when the clients are anonymous ones. In a application that is working on a company LAN or via VPN, wich is only used by known and trusted users, the risk of an successful attack is very low. But as always it depends on your requirements. At the end it is up to you, to decide if BinaryFormatter is secure enough for your scenario. If you are unsure, use the BSON serializer.

Other Serializers?

If none of the above described serializers fits your needs, you could integrate the serializer of your choice easily. Just implement ISerializerAdapter interface. You can use the source code of the existing serializer adapters as inspiration.

Cross framework serialization

To support deserialization of .NET Core/.NET 5+ types on a .NET Framework 4.x process, add the following line in your Main method: CrossFrameworkSerialization.RedirectPrivateCoreLibToMscorlib(); To support deserialization of .NET Framework 4.x types on a .NET Core/.NET 5+ process, use: CrossFrameworkSerialization.RedirectMscorlibToPrivateCoreLib();