问题
The error I'm getting is:
Type 'OrgPermission' in Assembly 'App_Code.ptjvczom, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' is not marked as serializable.
here is my code:
I have a gridview, that uses the following DataSource:
<asp:ObjectDataSource ID="ObjectDataSource1" runat="server" SelectMethod="GetOrgList"
TypeName="Org">
<SelectParameters>
<asp:SessionParameter Name="orgCodes" SessionField="UserOrgs" Type="Object" />
<asp:Parameter DefaultValue="Y" Name="active" Type="String" />
</SelectParameters>
</asp:ObjectDataSource>
I set the session variable in my page load like so:
User cUser = new User(userid);
//make sure the user is an Admin
List<OrgPermission> orgs = new List<OrgPermission>();
foreach(OrgPermission org in cUser.orgs)
{
if (org.type=='admin')
{
orgs.Add(org);
}
}
Session["UserOrgs"] = orgs;
My user class looks like this:
public class OrgPermission
{
public string Org { get; set; }
public List<string> type { get; set; }
public OrgPermission()
{ }
}
public class cUser
{
public string userid { get; set; }
public List<OrgPermission> orgs { get; set; }
public clsUser(string username)
{
//i set everything here
}
}
I can't understand why it's breaking, can I use it without making it serializable?
I tried to debug, and the session variable sets just fine, it then goes into the GetOrgList and returned correct results, but the page does not load and I get the error above.
Here is a snippet of my GetOrgList function:
public DataTable GetOrgList(List<OrgPermission> orgCodes, string active)
{
string orgList = null;
//code to set OrgList using the parameter is here.
DataSet ds = new DataSet();
SqlConnection conn = new SqlConnection(cCon.getConn());
SqlCommand cmd = new SqlCommand("sp_GetOrgList", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("@orgList", orgList));
cmd.Parameters.Add(new SqlParameter("@active", active));
conn.Open();
SqlDataAdapter sqlDA = new SqlDataAdapter();
sqlDA.SelectCommand = cmd;
sqlDA.Fill(ds);
conn.Close();
return ds.Tables[0];
}
回答1:
[Serializable]
public class OrgPermission
回答2:
If you store an object in session state, that object must be serializable.
http://www.hpenterprisesecurity.com/vulncat/en/vulncat/dotnet/asp_dotnet_bad_practices_non_serializable_object_stored_in_session.html
edit:
In order for the session to be serialized correctly, all objects the application stores as session attributes must declare the [Serializable] attribute. Additionally, if the object requires custom serialization methods, it must also implement the ISerializable interface.
https://vulncat.hpefod.com/en/detail?id=desc.structural.dotnet.asp_dotnet_bad_practices_non_serializable_object_stored_in_session#C%23%2fVB.NET%2fASP.NET
回答3:
Leaving my specific solution of this for prosperity, as it's a tricky version of this problem:
Type 'System.Linq.Enumerable+WhereSelectArrayIterator[T...] was not marked as serializable
Due to a class with an attribute IEnumerable<int> eg:
[Serializable]
class MySessionData{
public int ID;
public IEnumerable<int> RelatedIDs; //This can be an issue
}
Originally the problem instance of MySessionData was set from a non-serializable list:
MySessionData instance = new MySessionData(){
ID = 123,
RelatedIDs = nonSerizableList.Select<int>(item => item.ID)
};
The cause here is the concrete class that the Select<int>(...) returns, has type data that's not serializable, and you need to copy the id's to a fresh List<int> to resolve it.
RelatedIDs = nonSerizableList.Select<int>(item => item.ID).ToList();
来源:https://stackoverflow.com/questions/15707872/error-is-not-marked-as-serializable