Serialization Overview

Objects in your client application must be serialized to a stream prior to storage in the ScaleOut service. Use the CacheBuilder.SetSerialization method to configure serialization callbacks for your cache.

Default Serialization

If the CacheBuilder.SetSerialization method is not called when configuring a cache, the cache will fall back to default serialization implementations. Primitive types such as integers, floats, bools, and Guids will have their binary representations stored directly in the service, and strings will be serialized as UTF-8 encoded byte arrays.

Complex types will be serialized using .NET's BinaryFormatter. While the BinaryFormatter is convenient and can serialize nearly any type, its performance is poor compared to modern serializers such as protobuf-net or MessagePack. Also, its flexibility has given rise to security vulnerabilities in some application contexts. The BinaryFormatter should therefore only be used for development or proof-of-concept purposes.

Important

Starting with .NET 5, the BinaryFormatter has been officially deprecated, and, in ASP.NET Core 5.0 projects, BinaryFormatter calls will throw a NotSupportedException.

The Scaleout.Client library does not deserialize untrusted input, so the security threat from the library's default BinaryFormatter usage is minimal. However, developers are encouraged to follow Microsoft's guidance and use a safe, modern serializer early in their development projects.

Related Tasks

• Using protobuf-net for Serialization
• Using MessagePack for Serialization
• Using Json.NET for Serialization
• Using System.Text.Json for Serialization
• Encrypting Objects
• Improving Memory Usage Accuracy

Related Reference

• SetSerialization(Action<TValue, Stream>, Func<Stream, TValue>)

Related Information

• BinaryFormatter security guide (docs.microsoft.com)
• BinaryFormatter serialization methods are obsolete and prohibited in ASP.NET apps (docs.microsoft.com)