Security compliance requires us to remove the InferDataContractResolver because it resolves any type encoded in the payload. Instead replacing with explicit known types. Apart from IDistribution this can be put directly on the relevant base types. But IDistribution is an interface, so instead I have demonstrated how to manually add add the required known types to the serializer on each use. (See SerializableTest.cs line 287.)
Alternatives:
Do not use base-class KnownTypes and instead always add KnownTypes to SerializerSettings (like for IDistribution).
Change IDistribution to an abstract base class so that it can take KnownTypes (this might not be possible without a lot of knock-on changes).
Security compliance requires us to remove the InferDataContractResolver because it resolves any type encoded in the payload. Instead replacing with explicit known types. Apart from IDistribution this can be put directly on the relevant base types. But IDistribution is an interface, so instead I have demonstrated how to manually add add the required known types to the serializer on each use. (See SerializableTest.cs line 287.)
Alternatives: