View State is the mechanism
that allows state values to be preserved across page postbacks.
Because of the stateless nature of
web pages, regular page member variables will not maintain their values
across postbacks. When we need a page variable to maintain its value
across page post backs, we can use ViewState to store that value. Values
stored in ViewState will be serialized and sent to the client browser as the
value of a hidden form input. When you view the page source (in your
browser) of a page the uses ViewState, you may see this hidden viewstate
input which will look something like this:
<input type="hidden"
name="__VIEWSTATE" id="__VIEWSTATE"
value="/wEPDwUKMTM1ODM3Nj......." />
This single hidden field contains all
the viewstate values for all the page controls. This is an important
aspect of viewstate that you need to consider.
Because viewstate is (by default) sent to the client
browser and then returned to the server in the form of a hidden input control
on your page, storing a significant amount of data in viewstate can
increase your page size and can affect your page performance.
To disable ViewState for a control,
you can set the EnableViewState property to false (In asp.net 2.0, ViewState is
enabled by default). When ViewState is disabled for any
control, it will also automatically be disabled for all child controls of that
control.
Example:
<asp:Label ID="lblRequestCount" runat="server"
EnableViewState="false"></asp:Label>
This does not mean that you should
avoid viewstate. You should however, always be aware of what you are storing
there and how it affects your overall page size.
Some people hate ViewState, others
love it. Either way, you have control over your ViewState, so take control!
-------------------------------------------------------------------------------------------------------------------------------
How to view information in ViewState using ASP.NET 2.0 and 3.5
Http
is a stateless protocol. Hence the state of controls is not saved
between postbacks. Viewstate is the means of storing the state of server
side controls between postbacks. Viewstate stores the state of controls
in HTML hidden fields. In other words, it is a snapshot of the
contents of a page.
When
set to True, the ‘EnableViewState’ property enables storing the state
of an object in a page between postbacks. Objects are saved in a Base64
encoded string. Because it is a Base64 encoded string, it is not
readable by the human eye. However it is also not difficult to decode
the viewstate and view the contents of the viewstate when it is passed
over the wire. In this article we will see how to decode and view the
contents of a viewstate.
Step 1:
Create an asp.net application with 2 textboxes, a label and a button as
shown below. On the button click, we will concatenate the values of the
2 textbox and display this information in the label control.
<body>
<form id="form1" runat="server">
<div>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<br />
<br />
<asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>
<br />
<br />
<asp:Label ID="Label1" runat="server"></asp:Label><br />
<br />
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Button" />
<br /> </div>
</form>
</body>
Step 2: Add the button click event:
C#
protected void Button1_Click(object sender, EventArgs e)
{
Label1.Text = TextBox1.Text + " " + TextBox2.Text;
}
VB.NET
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs)
Label1.Text = TextBox1.Text & " " & TextBox2.Text
End Sub
Step 3:
Execute the page and enter some values in the textbox. We will enter
the value ‘I Love’ and ‘Dotnetcurry.com’ respectively in the two
textboxes. Now click the button. The label will contain the concatenated
value and should display ‘I Love Dotnetcurry.com’. Now right click on
the page > View Source.
Along with the other html text, you will see the following:
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJODczNjQ5OTk0D2QWAgIDD2QWAgIFDw8WAh4EV
GV4dAUWSSBMb3ZlIERvdG5ldEN1cnJ5LmNvbWRkZMHbBY9JqBTvB5
/6kXnY15AUSAwa" />
Step 4:
Shown above in the blue colored text is the viewstate. This is the
Base64 encoded string which we will be decoding. Do the following. Add
another textbox and button control on to the page. Rename the textbox to
‘txtViewState’ and set its ‘TextMode’ property to ‘Multiline’. Set the
text property of the button control to ‘View ViewState’ as shown below:
<br />View State<br />
<asp:TextBox ID="txtViewState" runat="server" TextMode="MultiLine" Width="667px"></asp:TextBox><br />
<asp:Button ID="Button2" runat="server" OnClick="Button2_Click" Text="View ViewState" />
On the button click add the following code.
C#
protected void Button2_Click(object sender, EventArgs e)
{
byte[] decode = Convert.FromBase64String(txtViewState.Text);
txtViewState.Text = System.Text.Encoding.ASCII.GetString(decode);
}
VB.NET
Protected Sub Button2_Click(ByVal sender As Object, ByVal e As EventArgs)
Dim decode As Byte() = Convert.FromBase64String(txtViewState.Text)
txtViewState.Text = System.Text.Encoding.ASCII.GetString(decode)
End Sub
Step 5: Repeat Step 3. Copy the blue colored text
and paste it in the ‘txtViewState’ textbox. Now click on the second
button ‘View ViewState’. You will see that the decoded viewstate is
displayed in the textbox as shown below:
? 873649994d[1][1] d[1][1][1]‑ TextI Love DotnetCurry.comddd???I? ????y??? H
Even
though there are junk characters displayed in the textbox, however you
can make out that the textbox contained the word ‘I Love
DotnetCurry.com’
Well
that was simple, wasn’t it? In the coming articles we will see how to
encrypt viewstate in order to prevent its contents to be decoded. I hope this article was useful and I thank you for viewing it.
