I have an ASP.NET app where I”m using SQL Session State.

My application gets data from a RESTful web service, whose output is JSON. This data is serialized on the web service end and deserialized on my website end using the DataContractJSONSerializer object. The objects being serialized are simple .NET POCO objects. They do not have the [Serializable] attribute. DataContractJSONSerializer by default will just serialize and deserialize properties, which is fine for me.

One of these objects I get back from my service, I would like to save in my session state (i.e. SQL). This requires the object to be serializable. The problem is, if I add the Serializable attribute to my POCO objects, the JSON serialization changes and all the FIELDs (including private fields) get serialized and returned from the web service, breaking deserialization on my end.

I’m wondering if there is any way I can control the way ASP.NET serializes objects when using the SQL Session state? If I could somehow serialize the objects here again using DataContractJSONSerializer that would be great. Or another method where I could control serialization.

I know I could implement ISerializable and control how my objects are serialized and that would solve my problem, but I’m trying to avoid having to implement that on every object that I want to serialize.