Skip to main content
BuyLog In
WinForms Controls
Search in…
Docs > Build an Application > Security Considerations > Safe Deserialization
A newer version of this page is available. .
All docs
V20.2
WinForms Controls
.NET Core Support
Prerequisites
What's Installed
Build an Application
Choose Application UI
Printing and Exporting
WinForms MVVM
Skins
Localization
Security Considerations
Suppress New Processes Initiated by .NET Controls
Safe Deserialization
Right-to-Left Layout
Redistribution and Deployment
How to: Perform Actions On Application Startup
Controls and Libraries
Common Features
Get More Help
API Reference
Download CHM

Safe Deserialization

DevExpress controls use a safety mechanism for all deserialization operations to improve security. An exception is thrown if a control attempts to load an unsafe type.

Deserialize Trusted Types

You should review all unsafe type exceptions. If you trust a certain type, use the following code to enable deserialization:

DevExpress.Utils.DeserializationSettings.RegisterTrustedClass(typeof(CustomClass));

Call the following method to trust all types from a specific assembly:

DevExpress.Utils.DeserializationSettings.RegisterTrustedAssembly("CustomAssembly, Version=x.x.x.x, Culture=neutral, PublicKeyToken=xxxxxxxxxxxxxxxx");  
DevExpress.Utils.DeserializationSettings.RegisterTrustedAssembly(typeof(CustomClass).Assembly);

Trust a Part of Your Code

If you trust a data source that raises a security exception, you can turn off safe deserialization for certain sections of code:

DevExpress.Utils.DeserializationSettings.InvokeTrusted(()=>{  
    // Trusted deserialization.  
    // gridView1.RestoreLayoutFromXml(fileName);  
});