Is this a bug in JSON.NET or Entity Framework or am I doing something wrong while trying to serialize a list of Exceptions with JSON.NET?

Question

Got this error when trying to serialize a set of errors:

\"ISerializable type \'System.Data.Entity.Infrastructure.DbUpdateConcurrencyException\' does not have a valid co

Answer 1

The issue appears to be that, for ISerializable objects, Json.NET does not support serialization of proxy types defined via the SerializationInfo.SetType(Type) method, nor deserialization of proxy objects that implement the IObjectReference interface that replaces the deserialized proxy with the corresponding "real" object. Specifically, changing the serialized type during serialization would need to be supported in JsonSerializerInternalWriter.SerializeISerializable() and JsonSerializerInternalReader.CreateISerializable() -- but it is not.

And as it turns out, exceptions subtypes such as DbUpdateConcurrencyException apparently no longer provide their own streaming constructor, but instead rely on this very proxy mechanism to serialize themselves, in particular setting the SerializationInfo.ObjectType to the internal type SafeSerializationManager -- which, as stated, Json.NET does not support, causing the problem you are seeing.

If your code is running in full trust, as a workaround you can add a custom JsonConverter that handles serializing and deserializing of serialization proxies:

public class SerializableConverter<T> : JsonConverter where T : ISerializable
{
    public override bool CanConvert(Type objectType)
    {
        return typeof(T).IsAssignableFrom(objectType);
    }

    public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
    {
        if (reader.TokenType == JsonToken.Null)
            return null;
        var wrapper = serializer.Deserialize<SerializableProxyWrapper>(reader);
        var proxy = wrapper.SerializableValues;
        if (proxy == null)
            return null;
        return proxy.GetRealObject(serializer.Context);
    }

    public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
    {
        var serializable = (ISerializable)value;
        var proxy = SerializableProxy.ToProxy(serializable, serializer.Context);
        serializer.Serialize(writer, new SerializableProxyWrapper { SerializableValues = proxy });
    }
}

sealed class SerializableProxyWrapper
{
    [JsonProperty(TypeNameHandling = TypeNameHandling.All)]
    public SerializableProxy SerializableValues { get; set; }
}

abstract class SerializableProxy : IObjectReference
{
    public static SerializableProxy ToProxy(ISerializable value, StreamingContext context)
    {
        if (value == null)
            return null;
        SerializationInfo serializationInfo = new SerializationInfo(value.GetType(), new FormatterConverter());
        value.GetObjectData(serializationInfo, context);
        var objectType = serializationInfo.GetObjectType();

        return (SerializableProxy)Activator.CreateInstance(typeof(SerializableProxy<>).MakeGenericType(new[] { objectType }), new object[] { serializationInfo, context });
    }

    #region IObjectReference Members

    public abstract object GetRealObject(StreamingContext context);

    #endregion
}

[Serializable]
sealed class SerializableProxy<T> : SerializableProxy, ISerializable, IObjectReference where T : ISerializable
{
    SerializationInfo originalInfo;
    StreamingContext context;

    public SerializableProxy(SerializationInfo originalInfo, StreamingContext context)
    {
        this.originalInfo = originalInfo;
        this.context = context;
    }

    #region ISerializable Members

    public void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        foreach (SerializationEntry entry in originalInfo)
            info.AddValue(entry.Name, entry.Value, entry.ObjectType);
    }

    #endregion

    #region IObjectReference Members

    public override object GetRealObject(StreamingContext context)
    {
        var realObject = Activator.CreateInstance(typeof(T), BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance, null, 
            new object[] { originalInfo, context }, CultureInfo.InvariantCulture);
        return realObject.GetFinalRealObject(context);
    }

    #endregion
}

static partial class SerializationExtensions
{
    public static object GetFinalRealObject(this object obj, StreamingContext context)
    {
        while (obj is IObjectReference)
        {
            var realObj = ((IObjectReference)obj).GetRealObject(context);
            if (!(realObj is IObjectReference))
                return realObj;
            if (realObj == obj)
                return realObj; // Avoid an infinite loop
            obj = (IObjectReference)realObj;
        }
        return obj;
    }
}

static partial class SerializationExtensions
{
    public static Type GetObjectType(this SerializationInfo info)
    {
        if (info == null)
            return null;
        return info.ObjectType;
    }
}

Then it should be usable as follows:

var settings = new JsonSerializerSettings
{
    Converters = new [] { new SerializableConverter<Exception>() },
    Formatting = Formatting.Indented,
};
var json = JsonConvert.SerializeObject(ex, settings);
Console.WriteLine(json);

However, if your code is not fully trusted, this workaround might fail, and support from Json.NET itself would be required.

Note - tested in some mockup scenarios but not with the actual exceptions you are using.

Answer 2

You can do it with a contract resolver if you accept to use only base exception fields. Must be used with TypeNameHandling = TypeNameHandling.All;

public class ISafeSerializationInfoContractResolver : DefaultContractResolver
{
    protected override JsonContract CreateContract(Type objectType)
    {
        JsonContract contract = base.CreateContract(objectType);

        if (contract is JsonISerializableContract)
        {
            JsonISerializableContract serializable = contract as JsonISerializableContract;
            if (serializable.ISerializableCreator == null && typeof(Exception).IsAssignableFrom(objectType))
            {
                serializable.ISerializableCreator = p =>
                {
                    SerializationInfo info = (SerializationInfo)p[0];
                    StreamingContext context = (StreamingContext)p[1];

                    Exception exception = (Exception)Activator.CreateInstance(typeof(Exception), BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance, null,
                    new object[] { info, context }, CultureInfo.InvariantCulture);

                    object realException = Activator.CreateInstance(objectType, BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance, null, null, CultureInfo.InvariantCulture);

                    FieldInfo[] fields = typeof(Exception).GetFields(System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);

                    foreach (FieldInfo field in fields)
                    {
                        field.SetValue(realException, field.GetValue(exception));
                    }

                    return realException;
                };
            }
        }

        return contract;
    }
}

Answer 3

According to the Json.net documentation,

ISerializable

Types that implement ISerializable are serialized as JSON objects. When serializing, only the values returned from ISerializable.GetObjectData are used; members on the type are ignored. When deserializing, the constructor with a SerializationInfo and StreamingContext is called, passing the JSON object's values.

In situations where this behavior is not wanted, the JsonObjectAttribute can be placed on a .NET type that implements ISerializable to force it to be serialized as a normal JSON object.

Since you don't owe the DbUpdateConcurrencyException class, A workaround could be to create a custom exception class which derive from the DbUpdateConcurrencyException and Mark it with attribute JsonObject.

    [JsonObject]
    class CustomException : DbUpdateConcurrencyException
    {
        public CustomException(string message) : base(message) { }
    }

     // Serialize the new customException
     var json = JsonConvert.SerializeObject(
         new CustomException("hi"), serializationSettings);

     //shall not throw error now
     DbUpdateConcurrencyException err = 
          JsonConvert.DeserializeObject<DbUpdateConcurrencyException>(json, serializationSettings); 

This is a just a POC that I tried to make it work for JSON.Net. It makes no sense to create custom classes for all type which inherits ISerializable and doesn't have required constructor. May be you can try creating Castle core DynamicProxy generator to wrap the thrown exception which are ISerializable and mark them with JsonObject attribute on-the-fly before serializing them.

And you're right. Json.net is not able to find the protected constructor because inheritance goes like

DbUpdateConcurrencyException <- DbUpdateException <- DataException 

And DataException class have the Protected constructor which json.net is looking for. Every exception class in .Net framework which is derived from SystemException have this constructor as protected constructor but DbUpdateException && DbUpdateConcurrencyException doesn't have it. So you can guess who to blame now (IMO EF).

Following are the classes I found which have the standard serializable constructor missing and would throw exception during deserialization.

• EntitySqlException
• PropertyConstraintException
• DbUpdateConcurrencyException
• DbUpdateException
• ToolingException
• DbEntityValidationException
• CommandLineException

I wrote this issue to EF team here.