I had originally implemented a serialization using BinaryFormatter because i needed the result as a byte array. It all work well when running in nUnit, but when i moved it to my medium trust web application it failed. This was due to apparently, the use of reflection in the BinaryFormatter when it serializes all of the object graph properties, including private fields. The easy way to make it work was to change to using the XmlSerializer.
Interestingly though, the XmlSerializer does not implement the same interface as the BinaryFormatter, so i can't just sub in the constructor. The serialise method has the same parameters which is strange.
Heres the msdn doc on the XmlSerializer:
And this explains the trust issue:
I really thought there might be a way to set the properties that get serialized, but it looks like a LinkDemand and Security assert is performed right at the start of the internal serialization class, so theres no hope of ever getting this to work.