How to use ViewState in Asp.net with example

ViewState in Asp.Net

Introduction:

In my previous articles i explained Asp.Net Ajax Tutorial,difference between web.config and machine.config,Working or Consuming three tier architecture in .Net Applicaiton and various articles regarding Asp.Net and WPF. Now i will explain what is ViewState in Asp.Net,when to use viewstate, advantages and disadvantages of viewstate,Enabling and disabling viewstate and enableviewstate vs ViewStateMode etc.

Description:

It is the one of the client- side statemanagement techniques in Asp.Net. Web Forms page provides built - in property ViewState for automatically retaining the values between multiple page requests for the same page. we can say it is the process of tracking the values of the controls on the page for multiple requests for the same page. We can also add custom values to ViewState. Asp.Net Framework automatically takes care of storing controls information in viewstate and retrieving it before rendering on postback.

       ViewState uses Hiddenfield to store information in key/value format. The value stored in encrypted format.

If you open the pagesource it will look like this

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTA4OTA3 MDE2Nw8WAh4KVmlzaXRDb3VudAIBFgICAw9kFgICBQ8PFgIeBFRleHQFFFBhZ2"?>

Enable/Disable ViewState:

We can control the enabling and disabling the viewstate at three level i.e control level, page level and from web.config. By default this property is enabled. To disable at page level and control level Use EnableViewState Property set it to false.

 To configure ViewState from Web.Config use ViewStateEncryptionMode property which has Values always and none.

<system.web> <pages viewStateEncyptionMode=”Always”/> </system.web>

You can disable EnableViewState at page level in page directive as follows

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="ReadWriteViewState.aspx.cs" EnableViewState="true" Inherits="StateManagement_ViewState" %> ViewStateMode in Asp.Net ViewState:

 In Framework 4.0  a new property ViewStateMode is introduced for viewstate. Prior to Asp.Net 4.0 we use EnableViewState property. Now we can use both of these.

 ViewStateMode property allows us to disable viewstate at parent level and enable it in child level using EnableViewState Property. Both of these properties allow you disable viewstate at parent level and enable it in child level.

     If we disable the viewstate on the page then it will decrease the server processing and page size.

Advantages of ViewState in Asp.Net:

• Easily understandable and implementable.
• No server resource required.
• Enhanced security features like it can be encoded and decoded automatically.

Disadvantages of Viewstate in Asp.Net:

• Performance overhead if we need to store large data in viewstate as the values are stored in the page.
• Security. As values are stored in hidden field in encrypted format then it can easily trapped if they see the pagesource.

How to make viewstate secured in Asp.Net:

You can secure viewstate in two different ways

• By using "hash codes". This code is cryptographically strong checksum. You can do this by using EnableViewStateMAC=true in page directive of page. MAC stands for "Message Authentication Code".  When we set this property then viewstate uses hashcode. While storing viewstate information in hidden fields this hashcode is added to viewstate and during postback it checks with checksum existence if mismatch found postback is rejected.
  <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ReadWriteViewState.aspx.cs" EnableViewState="true" Inherits="StateManagement_ViewState" EnableViewStateMac="true" %>
• Second one is using ViewStateEcryptionMode Property. Set this property to Always So that always viewstate encrypts the data.
  <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ReadWriteViewState.aspx.cs" EnableViewState="true" Inherits="StateManagement_ViewState" EnableViewStateMac="true" ViewStateEncryptionMode="Always" %>

  ViewStateEncryptionMode had three properties Always, Auto, Never.

• Always: Encrypts viewstate information always
• Auto : Encrypts only if any control requests for encryption
• Never: Never attempts to encrypt viewstate information.

We can set these settings in web.config configuration file 
<configuration> <system.web> <pages enableViewState="true" enableViewStateMac="true" viewStateEncryptionMode="Always"/> </system.web> </configuration>

Conclusion:

 I hope you got information regarding what is viewstate, how to use viewstate, How viewstate works in asp.net,advantages,disadvantages and how to secure viewstate in asp.net. I would like to have feedback on this post from you.

Viewstate Examples:

• ViewState Postback Count example , Storing Datatable in ViewState.

  Related Tutorials

• Architecture of WPF.
• Creation of Three Tier Architecture in .Net Application.
• Difference between App.config and Web.Config
• Asp.Net Validation Controls Tutorial
• Asp.Net Ajax Tutorials
• Difference between Machine.Config and Web.Config in Asp.Net Framework.
• Basic Drawings and Shapes in WPF.
• How to read and write key values from and to App.config Settings file .Net Windows Application.
• How to Use RangeValidator Control in Asp.Net with Example.
• Asp.Net Ajax Server Controls, Ajax Control Toolkit Download and Installation Tutorial.
• How to Use ViewState in Asp.Net(State Management Techniques).
• How to use Hidden Field in Asp.Net with Example(State Managemet Techniques).
• Beginners Tutorial on How to use QueryStrings in Asp.Net(State Management Techniques).
• Asp.Net Cookie Usage Overview with example(State Management Techniques).
• Access Specifiers or Modifiers in C# with example(Oops Concept).

•