Error - is not marked as serializable
The error I'm getting is:
Type 'OrgPermission' in Assembly 'App_Code.ptjvczom, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' is not marked as serializable.
Here is my code:
I have a gridview, that uses the following DataSource:
    <asp:ObjectDataSource ID="ObjectDataSource1" runat="server" SelectMethod="GetOrgList"
        TypeName="Org">
        <SelectParameters>
            <asp:SessionParameter Name="orgCodes" SessionField="UserOrgs" Type="Object" />
            <asp:Parameter DefaultValue="Y" Name="active" Type="String" />
        </SelectParameters>
    </asp:ObjectDataSource>
I set the session variable in my page load like so:
    User cUser = new User(userid);
    // Make sure the user is an Admin
    List<OrgPermission> orgs = new List<OrgPermission>();
    foreach (OrgPermission org in cUser.orgs)
    {
        // type is a List<string>, so test membership rather than comparing with ==
        if (org.type.Contains("admin"))
        {
            orgs.Add(org);
        }
    }
    Session["UserOrgs"] = orgs;
My user class looks like this:
    public class OrgPermission
    {
        public string Org { get; set; }
        public List<string> type { get; set; }
        public OrgPermission()
        { }
    }
    public class User
    {
        public string userid { get; set; }
        public List<OrgPermission> orgs { get; set; }
        // Constructor name must match the class name
        public User(string username)
        {
            // I set everything here
        }
    }
I can't understand why it's breaking. Can I use it without making it serializable?
I tried to debug, and the session variable sets just fine; it then goes into GetOrgList and returns correct results, but the page does not load and I get the error above.
Here is a snippet of my GetOrgList function:
    public DataTable GetOrgList(List<OrgPermission> orgCodes, string active)
    {
        string orgList = null;
        //code to set OrgList using the parameter is here.
        DataSet ds = new DataSet();
        SqlConnection conn = new SqlConnection(cCon.getConn());
        SqlCommand cmd = new SqlCommand("sp_GetOrgList", conn);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add(new SqlParameter("@orgList", orgList));
        cmd.Parameters.Add(new SqlParameter("@active", active));
        conn.Open();
        SqlDataAdapter sqlDA = new SqlDataAdapter();
        sqlDA.SelectCommand = cmd;
        sqlDA.Fill(ds);
        conn.Close();
        return ds.Tables[0];
    }
You need to add a Serializable attribute to the class which you want to serialize.
    [Serializable]
    public class OrgPermission
If you store an object in session state, that object must be serializable.
http://www.hpenterprisesecurity.com/vulncat/en/vulncat/dotnet/asp_dotnet_bad_practices_non_serializable_object_stored_in_session.html
edit:
In order for the session to be serialized correctly, all objects the application stores as session attributes must declare the [Serializable] attribute. Additionally, if the object requires custom serialization methods, it must also implement the ISerializable interface.
https://vulncat.hpefod.com/en/detail?id=desc.structural.dotnet.asp_dotnet_bad_practices_non_serializable_object_stored_in_session#C%23%2fVB.NET%2fASP.NET
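
A pre-check for this error, as an added example that is not part of the original question or answer: it walks a type's generic arguments and fields with reflection and lists every type lacking [Serializable], which shows how a serializable List<T> still fails because of its element type. SessionGuard and FindNonSerializable are hypothetical names, and the code assumes .NET Framework.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Runtime.Serialization;

// The question's class, still without [Serializable].
public class OrgPermission
{
    public string Org { get; set; }
    public List<string> type { get; set; }
}
// Hypothetical helper, not part of ASP.NET.
public static class SessionGuard
{
    // Lists every type reachable from root that is not marked [Serializable].
    public static List<Type> FindNonSerializable(Type root)
    {
        var bad = new List<Type>();
        Walk(root, new HashSet<Type>(), bad);
        return bad;
    }
    static void Walk(Type t, HashSet<Type> seen, List<Type> bad)
    {
        if (t == null || !seen.Add(t)) return;
        if (t.IsArray) { Walk(t.GetElementType(), seen, bad); return; }
        // Interface-typed members depend on the runtime object; skip them here.
        if (t.IsInterface || t.IsGenericParameter) return;
        if (t.IsGenericType)
            foreach (Type arg in t.GetGenericArguments()) Walk(arg, seen, bad);
        if (!t.IsSerializable) { bad.Add(t); return; }
        if (t.IsPrimitive || t.IsEnum || t == typeof(string)) return;
        // ISerializable types write their own data, so their fields are not inspected.
        if (typeof(ISerializable).IsAssignableFrom(t)) return;
        Walk(t.BaseType, seen, bad);
        const BindingFlags flags = BindingFlags.Instance | BindingFlags.Public
            | BindingFlags.NonPublic | BindingFlags.DeclaredOnly;
        foreach (FieldInfo f in t.GetFields(flags))
            if (!f.IsNotSerialized) Walk(f.FieldType, seen, bad);
    }
}
public static class Program
{
    public static void Main()
    {
        // List<T> is serializable, but its element type here is not.
        foreach (Type t in SessionGuard.FindNonSerializable(typeof(List<OrgPermission>)))
            Console.WriteLine(t.FullName + " is not marked as serializable");
    }
}
```

Running the same check over each type before it is assigned to Session surfaces the offending class at development time instead of when the page renders.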