If EnableViewStateMAC is set to true, ASP.NET will generate a hashcode for the ViewState data and compare it to the hashcode stored in the posted value. What prevents an attacker from setting the hash based on the altered form values?
View 1 RepliesNow here is the weird thing. First i am running it locally on the built in vs2008 web server.I load my control in fine, do a postback from a linkbutton, locally on my machine it all works fine, no issue.However when it goes onto my host, it falls over with the message:
Failed to load viewstate. The control tree into which viewstate is being loaded must match the control tree that was used to save viewstate during the previous request.Now i also load controls dynamically and use postbacks and things in the admin area of the site...and that works fine, however my front end just keeps failing? See the code behing below:
[Code]....
I have problem getting values from viewstate in GetTopThemes.
<asp:ObjectDataSource
ID="sourceGetTopThemes"
runat="server"
TypeName="DBConnection"
SelectMethod="GetTopThemes"
EnableViewState="true"></asp:ObjectDataSource>
[Code]....
}
[Code]....
when the page is not Posted back, I saved all values in the viewstate.
I have been getting this error a lot lately with some of my users, and I had a couple of concerns with view state and I have read so many articles but I am still lost..
1. I use masterpage on all the pages and I need viewstate for some of the pages but..
There is a page where a user will fill out the information and then submit this data to a cgi server, and it is where I get most of the Client Disconnected errors, what would happen if I disable viewstate when they click on that button?
Now when a user browses from one page to another, does the view state from the previous page get deleted? If not how would I delete it?
Does the master page have its own viewstate? Would I be able to make sure none of items on my master page are using the viewstate?
I have a shopping cart page (Cart.aspx) that has a button that will (sometimes) post to a third party payment gateway, if payment is necessary. The payment gateway will process the payment and then do a silent post to my website (Order.aspx) so I can update the order status.
Order.aspx always throws an invalid viewstate error, even though viewstate is disabled on the page.
What's happening is that Cart.aspx (which has viewstate enabled) posts to the payment gateway, and the gateway will post it back as part of the silent post. Even though Order.aspx has viewstate disabled and validation disabled, it still tries to validate the __viewstate field it's being given.
I know setting EnableViewState=false will disable the rendering of the __viewstate field, but if another page provides the field, shouldn't it still skip validation? I tried calling ViewState.Clear() on the Page_Init event of Order.aspx, but ViewState is apparently empty. how to get around this? I don't want to disable ViewState on Cart.aspx (in some cases it may be necessary), but I can't figure out how to clear it on Order.aspx.
I have added one datalist into view state as:
ViewState["datalist"] = dtlstForm;
and retrieved it as:
DataList lis = (DataList)ViewState["datalist"];
then folowing error comes:
Type 'System.Web.UI.WebControls.DataList' in Assembly 'System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' is not marked as serializable.
I have an aspx page that I want to convert to an HttpHandler, but I'm struggling withewState that's been used in the code behind of the aspx page
View 2 RepliesUpon page reloads I want to retain the values the user had typed in upon hitting submit. I worry about viewstates being cumbersome for pages, both in bandwidth and in time for a page viewer to download the page. I am cheap with my bytes :p
My question is instead of using server controls and such I am having the form on the page do a get to itself and on the aspx putting <input type="text" id="user_email" name="email" value="<%=Request.Form["email"] %>" /> This allows me to not use viewstate. Are there any potential shortcomings to doing things this way? My goal is always for a lighter page and efficiency even if it is more work.
I am using a enum
public enum WatchUsageMode
{
Watch = 1,
EmailPreferences = 2
}
i want to set the property of that enum in my view state in such a way that whenever view state is null return Watch else EmailPreference.how can i get and set the property?
i am new at the ViewState and i am looking to see what values are stored within it. I know how to loop through an array to check for a value but i do not know how to go about doing that for a ViewState("test") property.Let's say i have added "bob, tom, Jim" to a ViewState called ViewState("test"). I would like to be able to see if "tom" was in the ViewState("test"). If not then add it but if it exists already then skip it.
Public strIDArray() As String
Public vsSaver As String
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
[code]...
well what i want to find out is how can i figure out if some change occurd in page when postback , i mean when the first state of the page hahe any changes after postback . I thought maybe somehow to compare viewstaes but i can not find out how can i do that.
View 13 Replieslately I'm using less and less the ASP.NET controls and also turns off the viewstate in almost any page, in my opinion its easier to maintain your pages, you get more control over what happening and most importantly it gives a serious performance boost to large pages (no view state). I'm also using a lot of ajax in my projects (without the script manager / updatecontrol but via javascript) is anyone here working like this? is this bad practice ?
View 18 RepliesThe following message appears in our log:The control tree into which viewstate is being loaded must match the control tree that was used to save viewstate during the previous request. For example, when adding controls dynamically, the controls added during a post-back must match the type and position of the controls added during the initial request. alot has been written about this subject. However, I cannot reproduce this behavior, and I only find a couple thousand errors per day in the logs; so it's probably isn't that obvious.
The page in question has an UpdatePanel and loads one of three usercontrols depending on the querystring.Is there any known issue with some clients, or any other possible explanation?
In building custom controls, I've seen two patterns for using the viewstate. One is to use properties to disguise the viewstate access as persistent data.
public bool AllowStuff
{
get
{
return (ViewState[constKeyAllowStuff] != null) ?
(bool)ViewState[constKeyAllowStuff] : false;
}
set { ViewState[constKeyAllowStuff] = value; }
}
The other is to use private member fields and to override the Load/SaveViewState methods on the control and handle it all explicitly:
protected override object SaveViewState()
{
object[] myViewState = new object[2];
myViewState[0] = base.SaveViewState();
myViewState[1] = _allowStuff;
return myViewState;
}
protected override void LoadViewState(object savedState)
{
object[] stateArray = (object[])savedState;
base.LoadViewState(stateArray[0]);
_allowStuff = (bool)stateArray[1];
}
(I cut out a lot of safety checking for clarity, so just ignore that.) Is there are particular advantage to one method over the other? I can't see how they'd differ much performance wise. Version 1 is lazy, so I guess you save a bit if you don't need that particular value during a pass. Version 1 is also more abstract, hides the details better. Version 2 is clearer about when the data is actually valid and ok to read or modify (between the load and save) because it more clearly works within the ASP.NET lifecycle. Version 2 does tend to require more boilerplate code though (a property, a backing private field, and viewstate handling in two places) as opposed to Version 1 which combines all that into one place.
i have a web for and want to 'get' it to another page.. is there anyway to submit it without posting the viewstate and other bits i dont want? or should i be catching the submit button click and redirecting with a querystring i build myself
View 4 RepliesI can tried save some data to ViewState, but i get this Error:
Microsoft JScript runtime error: Sys.WebForms.PageRequestManagerServerErrorException: Error serializing value 'HeRMeSSAAS.BussinesProcess.BussinesServices.CandidateService' of type 'HeRMeSSAAS.BussinesProcess.BussinesServices.CandidateService.'
Code:
private IActionService ActionService
{
get [code]...
How i can store value to ViewState?
I have Dim a(15) as integer i wont to save this array in Viewstate .
View 2 RepliesI have searched the web for the answer and saw that mostly variables are saved in viewstate on page.prerender event. Then the value of the variable is set back in page load event.However, when I save a variable in viewstate on prerender or load events, how can viewstate store the value of the variable after it is changed dynamically on codebehind?
Let's say, after page is loaded, user clicked a button which changes the value of the variable in its onClick event. Then the postback event raised since the button was clicked. According to me, the new value should have been lost and cannot be saved in the viewstate if the variable is saved in the viewstate only in prerender event. Because on postback the prerender event wont fire and the value cannot be saved.
Shouldn't I save the variable in the viewstate just before the postback event rises?? If so, how can viewstate store the new value of the variable if the viewstate is saved in prerender event?
EDIT: ViewState does not change when browser is refreshed, so even if you write to viewstate it will not save the data. i am trying to store a Queue in a viewstate (to track postbacks and refreshes to stop a form from resubmitting). The Queue is only saving with a count of 1 (the first item that is added to it) no matter how many items i add.
// New Queue of strings
private Queue<string> sTemp;
private Queue<string> p_tempQue
{
set
{
ViewState["sTemp"] = value;
}
get
{
return (Queue<string>)ViewState["sTemp"];
}
}
//BasePage constructor
public BasePage()
{
//create a Queue of string
//sTemp = new Queue<string>();
this.Load += new EventHandler(this.Page_Load);
this.Init += new EventHandler(this.Page_Init);
}
//In the 'page_Init' event we have created a simple hidden field by name 'hdnGuid' which is attached to the page on the first hit itself.
protected void Page_Init(object sender, EventArgs e)
{
//initializing the hidden field
//create a hidden field with a ID
HiddenField hdnGuid = new HiddenField();
hdnGuid.ID = "hdnGuid";
//if it is the first time the page is loaded, create a new guid and assign it as the hidden field value
if (!Page.IsPostBack)
hdnGuid.Value = Guid.NewGuid().ToString();
//add the hidden field to the page
Page.Form.Controls.Add(hdnGuid);
}
//In the 'page_Load' event we check if the hidden field value is same as the old value. In case the value is not same that means it's a 'postback'
//and if the value is same then its 'refresh'. As per situation we set the 'httpContent.Items["Refresh"]' value.
protected void Page_Load(object sender, EventArgs e)
{
if(p_tempQue != null)
sTemp = p_tempQue;
else
sTemp = new Queue<string>();
//The hdnGuid will be set the first time page is loaded, else the hdnGuid
//will be set after each time the form is submitted using javascript.
//assign the hidden field currently on the page for manipulation
HiddenField h1 = (HiddenField)(Page.Form.FindControl("hdnGuid"));
//create an instance of the GuidClass
GuidClass currentGuid = new GuidClass();
//set the GuidClass Guid property to the value of the hidden field
currentGuid.Guid = h1.Value;
//check to see if the Queue of strings contains the string which is the current Guid property of the GuidClass
//if the are equal, then the page was refreshed
if (sTemp.Contains<string>(currentGuid.Guid))
{
//adds item as key/value pair to share data between an System.Web.IHttpModule interface and an System.Web.IHttpHandler interface during an HTTP request.
System.Web.HttpContext.Current.Items.Add("IsRefresh", true);
}
//if they are not requal, the page is not refreshed
else
{
//if the current Guid property in the GuidClass is not null or not an empty string
//add the new Guid to the Queue
if (!(currentGuid.Guid.Equals(null) || currentGuid.Guid.Equals("")))
sTemp.Enqueue(currentGuid.Guid);
System.Web.HttpContext.Current.Items.Add("IsRefresh", false);
}
p_tempQue = sTemp;
}
Are there any other ViewState alternatives? I've heard a lot Like Session, holding the state of some of the page's controls' state and getting destroyed the moment the user leaves the page. I know I'm describing ViewState itself, but I'm looking for a pattern of sorts or suggestions so I can avoid ViewState altogether. An example of how I'm using it is where I'm storing the contents of my grid (A list of ViewModels) to ViewState. This helps to know which entries are dirty, which ones have been modified, their indexes, the currently selected objects, etc.
View 4 RepliesI'm a novice ASP.Net/C# programmer, and had an experience only of a couple of projects during college and a couple of freelancing projects when I was recruited by a startup company to build their ASP.Net based website. I've just abut completed the website, and now since the company is not able to find a worthy enough SEO, I'm expected to do our site's SEO as well(which is a totally new experience for me). Did I mention that I'm the only Web Developer here?So, now as you'd expect a novice programmer having no concern for future SEO needs, I built up the site without giving due consideration to any of the SEO enhancement techniques.
The Problems:
ViewState - When is it required? Is it really required if I'm not creating any controls on the fly? I'm using DataControls though. And the website(the pages visible to the user not the CMS), is purely information based. Also, if I disable a control(ex: DataList)'s viewstate, will the viewstate of controls inside it also get disabled?(which is what I'd like actually)QueryStrings - Now comes the toughest part, I've used Query Strings to the extent that you can say that the website is QueryString driven, which unfortunately enough is not a good thing for SEO. To make matters worse, the QueryStrings for some pages are not uniform. For ex- In some cases the querystring may have variables A, B, and C, while in other cases it can have variables M, B, C and probably not all the three variables in some cases. Now, I know that I'd have to do url rewriting but these query strings have dynamic data fetched from the database tables of size more than 10,000 rows. So would I have to create functions for url rewriting and use regex to separate wheat from whaff?
Just spent a lot of time exorcising asp.net's large (but understandably useful) viewstate from an app, and i think it's worth sharing how it's done.
View 8 Repliesjust wanna ask what is acceptable size of ViewState per page? What is the level I should start worried. Is there any objective measurement for viewstate size?
View 6 RepliesI agree that the best way to shorten the ViewState is to disable it on the ASP.Net controls that don't need it. Keeping it small from the beginning is a great habit.I have also heard that it is already compressed (although can be true... there are ways of compressing it even more, has described in this Stack Overflow question).
My question here is not if it should be compressed... is: when should ViewState be compressed?If we have a ViewState of 410 characters it will weight 410 bytes in a page, while a ViewState of 13.843 characters equals 13.5 KB.13.5KB is a considerable weight already. And if I compress a CSS file that height 10KB, I think it is also worthy compressing a ViewState of 13.5KB, even if that means a little extra "thinking" on the server.But is 410 bytes of ViewState worth the extra processing on the server?
In pages that have a viewstate that spans 10-15KB what would be an optimal value for
<pages maxPageStateFieldLength="">
in the web.config in order to reduce the risk of potential truncation leading to viewstate validation errors?