Evidence Must Be Serializable

The Evidence object acts as a collection for any sort of object that you want to add as evidence for an assembly or AppDomain.  (It can get confusing because there is both an Evidence class and objects used as evidence.  I’ll capitalize the first one to disambiguate between them).  Both the AddHost and AddAssembly methods take object parameters, which can lead to the conclusion that any object can be used as evidence.

However, the CLR does have the requirement that the objects you use for evidence must be serializable, as we will attempt to serialize the entire Evidence collection at various points (such as when you attempt to access the Evidence property of the AppDomain).  If unserializable evidence is added to the collection, we won’t complain up front, however SerializationExceptions may start to occur down the line when one of the operations that cause the Evidence collection to serialize is done.

(Incidentally, another property of evidence objects is that they must be non-null.  Adding a null object to the Evidence collection can cause potential NullReferenceExceptions down the line.)

Comments (4)

  1. Wilhelm Svenselius says:

    How come the appropriate methods do not check for ISerializable and/or null? An ISerializable check might be a bit cumbersome without changing the methods to take a reference to an ISerializable directly (which would break backcompat) but a simple if( null == obj ) check? Why would something like that be left out?

  2. Hi Wilhelm,

    That’s certainly something we will consider for upcoming versions of the CLR, however we still have to take compat into account.  For instance, making that change breaks anyone who creates an Evidence collection with a non-serializable object and then doesn’t do anything with it.  It’s a bit of a contrived scenario, but still one we need to consider before making the change.


  3. [Default] Spotlight on: Windows Vista [Default] Microsoft Across America Launch Event The release of

  4. We all know that the CLR provides many types of evidence to assemblies and AppDomains by default, but