?
Solved

viewstate management

Posted on 2006-05-02
5
Medium Priority
?
854 Views
Last Modified: 2013-12-03
Hi Experts

1)What is VIEWSTATE in ASP.NET?
2)Usere can view the data in the VIEWSATE?
3)Where it stores the data, client side/server side?
4)Is it possible to modify the content of viewstate?
5)If we disable the viewstate what will happen?

with regards
Gopi
0
Comment
Question by:gbreddy
  • 3
5 Comments
 
LVL 15

Assisted Solution

by:igor_alpha
igor_alpha earned 300 total points
ID: 16593513
Hi gbreddy,
1.
View state is used natively by the ASP.NET web controls. It allows them to retain their properties
between postbacks. You can add your own data to the view state collection using a built-in page
property called ViewState. The type of information you can store includes simple data types and
your own custom objects.
Like most types of state management in ASP.NET, view state relies on a dictionary collection,
where each item is indexed with a unique string name. For example, consider this code:
ViewState["Counter"] = 1;
This places the value 1 (or rather, an integer that contains the value 1) into the ViewState
collection and gives it the descriptive name Counter. If there is currently no item with the name
Counter, a new item will be added automatically. If there is already an item indexed under the
name Counter, it will be replaced.

2.
View state information is stored in a single Base64-encoded string
that looks like this:
<input type="hidden" name="__VIEWSTATE" value="dDw3NDg2NTI5MDg7Oz4="/>
Because this value isn’t formatted as clear text, many ASP.NET programmers assume that their
view state data is encrypted. It isn’t. A clever hacker could reverse-engineer this string and examine
your view state data in a matter of seconds.

3.
Client - A hidden field in the current web page.

4.
Yes, it possible.
If you want to make view state secure you can make sure that the
view state information is tamper-proof by using a hash code.
You do this by adding the EnableViewStateMAC attribute to the Page directive in your .aspx file,
as shown here:
<%@ Page EnableViewStateMAC="true" %>

5.
It depend of controls, where you want disable it.
If you need save state of control on postbacks you need to enable viewstate otherwise don't.
0
 
LVL 2

Accepted Solution

by:
barisgomlek earned 300 total points
ID: 16596739

ViewState: All You Wanted to Know

What ViewState is Not

First, lets consider what ViewState is NOT, since there are several common misconceptions. ViewState does not help restore posted values to form controls, although this is said at times. The easiest way to see this is to disable a controls ViewState and watch its value be restored. This is done automatically for us by matching the posted form variable name with the control, although this only works for controls that are created by the time the Load event is completed. So while ASP.NET does automate the restoring of form values, this is not part of ViewState.
ViewState also does not auto-recreate any controls that were dynamically created in the code. This is actually something that many of us have discovered the hard way, since it doesnt work. Any controls that you dynamically create in your code must therefore be recreated in the code. This can be a little difficult at times to work around, especially for controls created in events, but it is doable if you keep track of whats been previously done and recreate it on each Load. ViewState can, however, be used to track this information, but we must manually code for it.
Finally, ViewState is not intended for user or session data, nor for transferring across pages. ViewState is only designed for state data related to the current page and its various controls. It does not get sent to a new page in any case, not through links, redirects, or server transfers. There may be things that you want to access on multiple pages, due to redirects or transfers, but the solutions involve using either cookies, session, or the request context, not ViewState. We will also see that ViewState is neither secure, nor always the best use of server resources.

So What is ViewState

ViewState is used to track and restore the state values of controls that would otherwise be lost, either because those values do not post with the form or because they are not in the page html. This means that a control totally defined in your page html, with no changes made in the code, will have no ViewState at all, as is often the case when using drag-n-drop with static content. Instead, ViewState only holds the values of properties that are dynamically changed somehow, usually in code, data-binding, or user interactions, so that they can be restored on each request.
So, ViewState holds properties you change in code, any data that you bind to a control in code, and any changes that occur as a result of user interactions that were triggered with a PostBack. An example of a user interaction is a user selecting a date or moving a month in the calendar, which triggers a PostBack that changes properties of the calendar to match the users request. The new date selected or month being viewed must be persisted in the calendars ViewState since these are properties that will need to be restored but which will not be posted next time.
ViewState also provides a StateBag, which is a special collection or dictionary, for each page that you can use to store any object or value, associated with a key, to retain across PostBacks. This is useful for your own custom items that are relevant to only that specific page instance, since these values will automatically post with that page, but not transfer to any other pages. One very good use of custom ViewState is to keep track of any dynamically created controls, which you can then manually recreate on each post based on your tracking data in ViewState.

And What is the Format

ViewState is by default serialized and passed across page PostBacks as a hidden form field, __VIEWSTATE, that is Base64 encoded so that it is not easily readable, but not encrypted. ViewState is by default tamper-proof, however, since a hash is applied based on machine key, although this is disabled by setting the enableViewStateMac property to false (see Listing 1). ViewState can be optionally encrypted, by setting up machineKey validation (see Listing 2), but this must be done at the machine level and it uses more resources so its not recommended.
ViewState is saved before rendering in the Page.SavePageStateToPersistenceMedium method and it is restored on PostBacks in the Page.LoadPageStateFromPersistenceMedium method. Both of these methods can be easily overridden to save ViewState to Session (see Listing 3), which is useful for low-bandwidth cases, like Mobile devices which use Session by default. Storing the ViewState in other data stores, like a database or even advanced Session modes, requires serialization and deserialization using the special LosFormatter class (see Listing 4).
Finally, lets take a look at the internal format of the ViewState object for completeness sake. Each controls ViewState is stored in a Triplet (System.Web.UI.Triplet) with the First object being a Pair (System.Web.UI.Pair), or Array or Pairs, of ArrayLists of related name-values. The Second object of the Triplet is an ArrayList of that controls child indices in control tree, and the Third object is an ArrayList of the similar associated Triplets of those child controls. Its all rather hard to describe, so look at the example and try it for yourself (see Listings 5/6).

Listing 1: ViewState Machine Hash Disabled
machine.config or web.config: <pages enableViewStateMac='false' />
page level directive:         <%@Page enableViewStateMac='false' %>
page level script code:       Page.EnableViewStateMac = false;

Listing 2: ViewState Encryption is Enabled
machine.config: <machineKey validation='3DES' validationKey='*' />
where the validationKey must be the same across a web-farm setup
also requires the enableViewStateMac property setting to be true

Listing 3: ViewState Saved in Session State
protected override object LoadPageStateFromPersistenceMedium() {
      return Session["ViewState"];
}

protected override void SavePageStateToPersistenceMedium(object viewState) {
      Session["ViewState"] = viewState;
      // Bug requires Hidden Form Field __VIEWSTATE
      RegisterHiddenField("__VIEWSTATE", "");
}
Listing 4: ViewState Saved in Custom Store
protected override object LoadPageStateFromPersistenceMedium() {
      LosFormatter format = new LosFormatter();
      return format.Deserialize(YourDataStore["ViewState"]);
}

protected override void SavePageStateToPersistenceMedium(object viewState) {
      LosFormatter format = new LosFormatter();
      StringWriter writer = new StringWriter();
      format.Serialize(writer, viewState);
      YourDataStore["ViewState"] = writer.ToString();
}
Listing 5: ViewState Decode/Parse Example
Encoded ViewState:
dDwxMjM0NTY3ODkwO3Q8cDxsPHBycEE7cHJwQjtwcnBDOz47bDx2YWxBO3ZhbEI7dmFsQzs+PjtsPGk8
MD47aTwyPjtpPDM+O2k8NT47PjtsPHQ8cDxsPHBycEE7cHJwQjs+O2w8dmFsQTt2YWxCOz4+Ozs+O3Q8
cDxsPHBycEE7cHJwQjs+O2w8dmFsQTt2YWxCOz4+Ozs+O3Q8cDxsPHBycEE7cHJwQjs+O2w8dmFsQTt2
YWxCOz4+Ozs+O3Q8cDxsPHBycEE7cHJwQjs+O2w8dmFsQTt2YWxCOz4+Ozs+Oz4+Oz4=

Decoded ViewState:
t<1234567890;t<p<l<prpA;prpB;prpC;>;l<valA;valB;valC;>>;
l<i<0>;i<2>;i<3>;i<5>;>;l<
t<p<l<prpA;prpB;>;l<valA;valB;>>;;>;
t<p<l<prpA;prpB;>;l<valA;valB;>>;;>;
t<p<l<prpA;prpB;>;l<valA;valB;>>;;>;
t<p<l<prpA;prpB;>;l<valA;valB;>>;;>;>>;>

Parsed ViewState:
t<1234567890;             Page-Level Triplet is Special Case
  t<p<l<prpA;prpB;prpC;>; Triplet-First:Pair-First:ArrayList
      l<valA;valB;valC;>                Pair-Second:ArrayList
     >;
    l<i<0>;               Triplet-Second:ArrayList:Indices
      i<2>;                                        of the
      i<3>;                                        Children
      i<5>;                                        Controls
     >;
    l<t<p<l<prpA;prpB;>;  Triplet-Third:ArrayList:Triplets
          l<valA;valB;>                           of the
         >;                                       Children
       ;                                          Controls
       >;
      t<p<l<prpA;prpB;>;  Each Sub-Triplet follows same Pattern
          l<valA;valB;>  
         >;
       ;                  More Levels Possible if sub-Children
       >;
      t<p<l<prpA;prpB;>;  Each Sub-Triplet follows same Pattern
          l<valA;valB;>
         >;
       ;                  More Levels Possible if sub-Children
       >;
      t<p<l<prpA;prpB;>;  Each Sub-Triplet follows same Pattern
          l<valA;valB;>
         >;
       ;                  More Levels Possible if sub-Children
       >;
     >
   >;                     Closing of Special Page-Level Triplet
 >

Listing 6: ViewState Decode/Parse Code
protected override void SavePageStateToPersistenceMedium(object viewState) {
      // Call Base Method to Not Change Normal Process
      base.SavePageStateToPersistenceMedium(viewState);

      // Retrieve ViewState and Write Out to Page
      LosFormatter format = new LosFormatter();
      StringWriter writer = new StringWriter();
      format.Serialize(writer, viewState);
      string vsRaw = writer.ToString();
      Response.Write("ViewState Raw: " + Server.HtmlEncode(vsRaw));

      // Decode ViewState and Write Out to Page
      byte[] buffer = Convert.FromBase64String(vsRaw);
      string vsText = Encoding.ASCII.GetString(buffer);
      Response.Write("ViewState Text: " + Server.HtmlEncode(vsText));

      // Parse ViewState -- Turn On Page Tracing
      ParseViewState(viewState, 0);
}

private void ParseViewState(object vs, int level) {
      if (vs == null) {
            Trace.Warn(level.ToString(), Spaces(level) + "null");
      }
      else if (vs.GetType() == typeof(System.Web.UI.Triplet)) {
            Trace.Warn(level.ToString(), Spaces(level) + "Triplet");
            ParseViewState((Triplet) vs, level);
      }
      else if (vs.GetType() == typeof(System.Web.UI.Pair)) {
            Trace.Warn(level.ToString(), Spaces(level) + "Pair");
            ParseViewState((Pair) vs, level);
      }
      else if (vs.GetType() == typeof(System.Collections.ArrayList)) {
            Trace.Warn(level.ToString(), Spaces(level) + "ArrayList");
            ParseViewState((IEnumerable) vs, level);
      }
      else if (vs.GetType().IsArray) {
            Trace.Warn(level.ToString(), Spaces(level) + "Array");
            ParseViewState((IEnumerable) vs, level);
      }
      else if (vs.GetType() == typeof(System.String)) {
            Trace.Warn(level.ToString(), Spaces(level) + "'" + vs.ToString() + "'");
      }
      else if (vs.GetType().IsPrimitive) {
            Trace.Warn(level.ToString(), Spaces(level) + vs.ToString());
      }
      else {
            Trace.Warn(level.ToString(), Spaces(level) + vs.GetType().ToString());
      }
}

private void ParseViewState(Triplet vs, int level) {
      ParseViewState(vs.First, level + 1);
      ParseViewState(vs.Second, level + 1);
      ParseViewState(vs.Third, level + 1);
}

private void ParseViewState(Pair vs, int level) {
      ParseViewState(vs.First, level + 1);
      ParseViewState(vs.Second, level + 1);
}

private void ParseViewState(IEnumerable vs, int level) {
      foreach (object item in vs) {
            ParseViewState(item, level + 1);
      }
}

private string Spaces(int count) {
      string spaces = "";
      for (int index = 0; index < count; index++) {
            spaces += "   ";
      }
      return spaces;
}

0
 
LVL 2

Expert Comment

by:barisgomlek
ID: 16596771
And this code can be used to save viewstate to session:

protected override object LoadPageStateFromPersistenceMedium()
{
      return Session["ViewState"];
}

protected override void SavePageStateToPersistenceMedium(object viewState)
{
      Session["ViewState"] = viewState;

      // Bug requires Hidden Form Field __VIEWSTATE
      RegisterHiddenField("__VIEWSTATE", "");
}
0
 

Author Comment

by:gbreddy
ID: 16621528
can VIEWSTATE maintain the STATE of the page ?
0
 
LVL 2

Expert Comment

by:barisgomlek
ID: 16622254
Yes, if you use it efficiently, it can.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
In an ASP.NET application, I faced some technical problems. In this article, I list them out and show the solutions that I found.  I hope it will be useful. Problem: After closing a pop-up window, the parent page should be refreshed automaticall…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question