DataContractSerializer doesn't call my constructor?
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
DataContractSerializer in .NET can deserialize objects without calling your normal constructor logic. This surprises developers who rely on constructor side effects to initialize invariants.
Understanding this behavior helps you design serialization-safe types.
Core Sections
1) Why constructor is skipped
DataContractSerializer may create instances using runtime mechanisms that bypass standard constructors, then populate members directly.
2) Reinitialize with callback attributes
Use [OnDeserialized] to restore invariants.
3) Parameterless constructor nuance
Even if a parameterless constructor exists, do not depend on it being invoked in all serialization paths.
4) Prefer invariant methods over constructor side effects
Keep object state validation in explicit methods/callbacks that run after deserialization.
5) Test serialization round-trip
Round-trip tests catch constructor-assumption bugs quickly.
6) Production checklist for serialization lifecycle safety
Turning a working snippet into production-ready behavior requires explicit validation beyond unit examples. Start by defining measurable acceptance criteria for correctness, reliability, and performance. Correctness should include at least one golden input-output case and one edge case. Reliability should include how failures are surfaced and whether retries are safe. Performance should be measured with representative input size, not tiny toy examples that hide scaling issues. Once these criteria are written down, keep them close to the code so maintainers know what guarantees must hold during refactors.
Operational readiness also depends on environment clarity. Document runtime version constraints, required configuration keys, and any external dependencies such as services, files, or credentials. Most regressions in this class of problem are not algorithmic; they come from environment drift, dependency upgrades, or subtle API behavior changes. Add one smoke test that runs in CI and one failure-mode check that verifies observability. The failure-mode check should confirm that logs and error messages are actionable, not generic. If a team member cannot quickly identify the failing component from logs, incident response will be slower than necessary.
A pragmatic rollout sequence is:
- Run static checks and tests in CI.
- Execute a smoke test with realistic data shape.
- Trigger one expected failure mode and verify logging.
- Deploy behind a feature flag or staged rollout when possible.
- Monitor defined metrics during a stabilization window.
Finally, define ownership and rollback up front. Specify who responds when checks fail, what threshold triggers rollback, and which fallback mode keeps user-facing behavior acceptable. Even small utilities should have explicit limits and non-goals recorded in documentation. That prevents accidental overextension and helps future contributors decide whether to iterate on the existing approach or replace it. Revisit this checklist after framework upgrades, because behavior assumptions that were once valid can change with new runtime defaults or deprecations.
Common Pitfalls
- Assuming constructors always execute during deserialization.
- Keeping critical defaulting logic only in constructors.
- Forgetting
[OnDeserialized]for rehydration-time fixes. - Using private fields not marked for serialization and expecting restored state.
- Skipping round-trip tests for data contract classes.
Summary
DataContractSerializer may bypass constructor execution, so constructor-only initialization is unsafe for deserialized objects. Use serialization callbacks and explicit invariant restoration logic to keep object state valid.
As a maintenance practice, keep one regression test and one smoke-check command for this workflow in CI. Re-run them after dependency or runtime upgrades so behavior changes are detected early rather than during production incidents, and document expected environment assumptions in the repository to reduce repeated debugging effort.

