CodeProject: ViewState Serializer, Compressor & Encrypter. Free source code and programming help

Announcements

	Windows 7 Comp Win a laptop!
	Monthly Competition

Articles

Desktop Development

Web Development

Enterprise Systems

Content Management Server

Microsoft BizTalk Server

SQL Reporting Services

Platforms, Frameworks & Libraries

Windows Communication Foundation

Windows Presentation Foundation

Windows Workflow Foundation

Cryptography & Security

Threads, Processes & IPC

WinHelp / HTMLHelp

Uncategorised Quick Answers

Graphics / Design

Expression

Usability

Development Lifecycle

Debug Tips

Design and Architecture

Uncategorised Technical Blogs

Services

Code-signing Certificates

Job Board

CodeProject VS2008 Addin

Feature Zones

Product Showcase

Code Signing Resources

WhitePapers / Webcasts

ASP.NET Web Hosting

Advanced Search
Add to IE Search

Discuss

Report

8 votes for this article.

Popularity: 2.38 Rating: 2.63 out of 5

Introduction

People get frustrated when they see that in their forms, the ViewState is enormous and consumes a bandwidth of madness when being filled with styles, controls, Grids, which results in very long post time at the client. There are many solutions here, from a simple compressor to a storage in Session/Cache.

This code makes work easy, but it is a unique one for a special form: it uses a special serializer to work with binary data.

A point that will interest you is the deficient scope security system of the ViewState. If it is possible to encrypt using a server key, but there are documents that say in a same server with 2 stores online, encrypted ViewStates can be used to cause frauds in the sale of products, the special method with easy code can make a unique key by session difficult to break.

Background

The lite portion of code is based on a simple ViewState compressor: ViewStateCompression.

The compression engine uses the ICSharpCode SharpZipLib.

This code has only been tested in VB 7.1 (VS2003) not in VS2005 platform.

Using the Code

I will not be centered in the class due to lack of time (I will do it), but will explain its conditions of use: (a wonderful way to learn how the code works is by taking a look at the demo;) )

The class can be used in 2 modes: inheritance and a class declaration. I recommend using the inheritance mode, as it is the easiest way.

The inheritance mode is simple, replace:

Public Class formTest1
    Inherits System.Web.UI.Page
    ...

with:

Public Class formTest1
    Inherits ViewStateSerializer 
    ...

and simply configure in Page_Load:

SetViewStateValues(EnCrypt As Boolean, Optimize As Boolean)

EnCrypt: If is True, turns on the Encryption algorithms, a random seed & key for each session will be created.
Optimize: If is True, turns on the algorithm of Binary Serialization, larger than the other option, but you can add a large DataTable for example in ViewState. The standard deserializer of .NET hands up the server in large DataTables, not this :D

    Private Sub Page_Load(ByVal sender As System.Object, _
	ByVal e As System.EventArgs) Handles MyBase.Load

        Response.Expires = -1 'important ?!

        If Not IsPostBack Then
             SetViewStateValues(True, False) 'Configuration HERE ! 
         ...
        End If 
    ...
    End Sub

The second way is to simply place the code in any location of the Form class. The constructor format is the same as SetViewStateValues:

#Region "Overrides Page: Compression / ViewState Cryptography"

    Dim SerialX As New TurboSerializer(True, False)

    Protected Overrides Function LoadPageStateFromPersistenceMedium() As Object
        Try
            Dim viewState As String = Request.Form("__VSTATE")
            Return SerialX.DeSerialize(viewState)
        Catch
            ...
            Return Nothing
        End Try

    End Function

    Protected Overrides Sub SavePageStateToPersistenceMedium(ByVal viewState As Object)
        Try
            RegisterHiddenField("__VSTATE", SerialX.Serialize(viewState))
        Catch
            ...
            RegisterHiddenField("__VSTATE", String.Empty)
        End Try
    End Sub

#End Region

Points of Interest

You can use deferent configurations in forms but, please use in the Init configuration constant parameters in the same form to prevent browser cache failures (Response.Expires = -1).

Now I write a table to help you to select a ViewState mode that you can use according to your necessities:

	Serialization	Deserialization	Compression	Amount of Data to use	Security	Indicated to:
ViewState normal:	Good	Bad (binary)	None	Use low Data	Low	Forms with low controls, Grids with paging
Serializer normal:	Good	Bad (binary)	Good	Mid proposes	Moderate	Grids with Viewstate turned On Without paging
Serializer optimized:	Regular	Regular	Regular	Grand Data (DataTable)	Moderate	ViewState with DataTables & Grids with paging or without the ViewState turned off

Notes About the Sharp VS2005 Version

This version uses the native compression of VS2005 (no need for SharpZipLib).

The encryption now uses two levels of security, that generate two types of keys (the low mode uses a pseudo-random 3 times at day for updatable keys for all sessions, the high one is the old mode).

V1.1 of this version is compatible with Microsoft Ajax & Microsoft Ajax Control Toolkit (the only one?).

NOTE: This uses a lot of hacks to do it. To do work, see how calls to the code in the overrides section are totally different from the VB 7.x version.

The Optimized mode is hardly tested. I don't check if it works correctly in all cases.

About Version 1.3

This new version uses a new option to select the MachineKey encryption. No need anymore to set ViewStateEncryptionMode="Never"; CompressPage() now works in Ajax and more optimized De/Serialization.

About Version 1.2

This new version uses a new API to manage the load & save of ViewState. Now it is more compatible with FW 2.0 & Ajax; please see the annotation code of V1.2 for more information & usage!

Remember that in this version, you must check if ViewStateEncryptionMode="Never" is set to the engine that can compress the ViewState data (encrypting makes a aleatory data that the engine can't compress it!)
If you use the code to compress all pages, you're warned that in Microsoft Ajax, the method response.filter (Async Postback) does not work.

History

09/26/2009: Posted the v1.3 Public Sharp VS2005 version (now uses a new option to select the MachineKey encryption; uses more Reflection to access in .NET Serialization API, this point is more optimized than the older version)
07/28/2008: Posted the v1.2 Public Sharp VS2005 version (now uses PageStatePersister: more easy, compatible & can use a PageAdapter)
01-12-2008: Posted the v1.1 Public Sharp VS2005 version (Microsoft Ajax support)
08-30-2007: Posted the v1.0 Public Sharp VS2005 version
06-27-2007: Posted the v1.0 Public version

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

ModMa

Member

My life in programming has been long, begins from the 6 years of age with Basic, I have knowledge of C++, Javascript, ASP .NET, Cisco CCNA, among others.

One of my pastimes in the programming, is cryptology and systems security

One of my recognized works is P2PFire, other smaller projects like utilities for Chats

In this moments I work in the projects Ficres Netherlands & Ficres France

Occupation:	Web Developer
Company:	TecnoConsulting
Location:	Spain

Other popular ASP.NET articles:

Multiple File Upload With Progress Bar Using Flash and ASP.NET
How to use Flash to upload multiple files in a medium-trust hosting environment
CAPTCHA Image
Using CAPTCHA images to prevent automated form submission.
Exploring Session in ASP.Net
This article describe about session in ASP.Net 2.0 . Different Types of Session , There Configuration . Also describe Session on Web Farm , Load balancer , web garden etc.
10 ASP.NET Performance and Scalability Secrets
10 easy ways to make ASP.NET and AJAX websites faster, more scalable and support more traffic at lower cost
Paging of Large Resultsets in ASP.NET
An article about optimization and performance testing of MS SQL Server 2000 stored procedures used for paging of large resultsets in ASP.NET

Article Top

You must Sign In to use this message board.

FAQ
Noise Tolerance Layout Per page

Msgs 1 to 9 of 9 (Total in Forum: 9) (Refresh)

FirstPrevNext

Problem with GridView inside FormView

sv2008

6:52 3 Feb '08

Hi, thanks for your contribution however I am having a strange problem:

On a very basic Page:
- GridView (CommandField with update/edit/cancel buttons) _inside_ a FormView.
- Two SqlDataSources.
- No UpdatePanels.
- No Ajax.

This happens:
(1) click on "edit" in GridView -> row changes to editmode, edit some data
(2) click "update" -> all changes are gone, row is still in editmode

I hooked to OnRowCommand to check out EventArgs (GridViewCommandEventArgs e)

Here is the CommandName Property for the above scenario:
(1) e.CommandName = "Edit"
(2) e.CommandName = "Edit"   //WTF?

And this is the Problem:
On (2) e.CommandName is still "Edit" even though it should be "Update", so gridrow remains unchanged.

if i move the gridview from inside the FormView to the outside everything works as it should.

if i change the page BaseClass from ViewStateSerializer back to Page everything works (inside and outside).

So i think this boils down to gridview inside formview with custom viewstate handling.

I am lost any help is appreciated.

Sven.

Code to reproduce:

the .aspx.cs file:

using System;
using System.Web.UI.WebControls;
using ViewStateSerializer;

namespace testingonly {
      public partial class grid2 : ViewStateSerializer {
            protected void Page_Load(object sender, EventArgs e) {
                  // viewstate saver
                  Response.Expires = -1; //important ?!
                  if (!IsPostBack) {
                        SetViewStateValues(SecurityLevel.Low, true); //configuration HERE
                  }
            }

            protected void on_row_command(object sender, GridViewCommandEventArgs e) {
                  switch (e.CommandName) {
                        case "Update":
                              // i am never getting here. if the grid is inside formview
                              break;
                  }
            }
      }
}

the .aspx file:

<%@ Page Language="C#" AutoEventWireup="true" Codebehind="grid2.aspx.cs" Inherits="testingonly.grid2" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
      <title>Untitled Page</title>
</head>
<body>
      <form id="form1" runat="server">
            <div>
                  <asp:FormView ID="FormView1" runat="server" DataKeyNames="MASTERTABLE_ID" DataSourceID="SqlDataSource1">
                        <EditItemTemplate>
                        </EditItemTemplate>
                        <InsertItemTemplate>
                        </InsertItemTemplate>
                        <ItemTemplate>
                              <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataSourceID="SqlDataSource2" DataKeyNames="DETAILSTABLE_ID"
                                    OnRowCommand="on_row_command" >
                                    <Columns>
                                          <asp:BoundField DataField="DETAILSTABLE_ID" HeaderText="DETAILSTABLE_ID" ReadOnly="True" SortExpression="DETAILSTABLE_ID" />
                                          <asp:BoundField DataField="MASTERTABLE_ID" HeaderText="MASTERTABLE_ID" SortExpression="MASTERTABLE_ID" />
                                          <asp:BoundField DataField="DETAILSTABLE_Value" HeaderText="DETAILSTABLE_Value" SortExpression="DETAILSTABLE_Value" />
                                          <asp:CommandField ShowEditButton="True" />
                                    </Columns>
                              </asp:GridView>
                        </ItemTemplate>
                  </asp:FormView>
                  <asp:SqlDataSource ID="SqlDataSource1" runat="server"
                        ConnectionString="<%$ ConnectionStrings:dbConnectionString %>"
                        SelectCommand="SELECT [MASTERTABLE_ID] FROM [MASTERTABLE]">
                  </asp:SqlDataSource>
                  <asp:SqlDataSource ID="SqlDataSource2" runat="server"
                        ConnectionString="<%$ ConnectionStrings:dbConnectionString %>"
                        SelectCommand="SELECT [DETAILSTABLE_ID], [MASTERTABLE_ID], [DETAILSTABLE_Value] FROM [DETAILSTABLE] WHERE ([MASTERTABLE_ID] = @MASTERTABLE_ID)"
                        DeleteCommand="DELETE FROM [DETAILSTABLE] WHERE [DETAILSTABLE_ID] = @DETAILSTABLE_ID"
                        InsertCommand="INSERT INTO [DETAILSTABLE] ([DETAILSTABLE_ID], [MASTERTABLE_ID], [DETAILSTABLE_Value]) VALUES (@DETAILSTABLE_ID, @MASTERTABLE_ID, @DETAILSTABLE_Value)"
                        UpdateCommand="UPDATE [DETAILSTABLE] SET [DETAILSTABLE_Value] = @DETAILSTABLE_Value WHERE [DETAILSTABLE_ID] = @DETAILSTABLE_ID">
                        <DeleteParameters>
                              <asp:Parameter Name="DETAILSTABLE_ID" Type="Int32" />
                        </DeleteParameters>
                        <UpdateParameters>
                              <asp:Parameter Name="MASTERTABLE_ID" Type="Int32" />
                              <asp:Parameter Name="DETAILSTABLE_Value" Type="String" />
                              <asp:Parameter Name="DETAILSTABLE_ID" Type="Int32" />
                        </UpdateParameters>
                        <InsertParameters>
                              <asp:Parameter Name="DETAILSTABLE_ID" Type="Int32" />
                              <asp:Parameter Name="MASTERTABLE_ID" Type="Int32" />
                              <asp:Parameter Name="DETAILSTABLE_Value" Type="String" />
                        </InsertParameters>
                        <SelectParameters>
                              <asp:Parameter Name="MASTERTABLE_ID" DefaultValue="603" />
                        </SelectParameters>
                  </asp:SqlDataSource>
            </div>
      </form>
</body>
</html>

Re: Problem with GridView inside FormView

Manuel Soler (ModMa)

4:53 4 Feb '08

<![CDATA[<%@ Page Language="C#" AutoEventWireup="true" Codebehind="grid2.aspx.cs" EnableEventValidation="false" Inherits="testingonly.grid2" %>]]>

in more situations if alter the functionality of a form the EnableEventValidation can fails; try to disable it

i can see that you test the inheritance mode, I put you the override mode (you can try it if the problem persists)
however I'll study your code how go to home...

using System;
using System.Web.UI.WebControls;

namespace testingonly
{

public partial class grid2 : System.Web.UI.Page
{
#region "Overrides Page: Compression / ViewState Cryptography"

readonly ViewStateSerializer.ViewStateSerializer serializador = new ViewStateSerializer.ViewStateSerializer(ViewStateSerializer.ViewStateSerializer.SecurityLevel.Low, true);

protected override object LoadPageStateFromPersistenceMedium()
{
try
{
return serializador.DeSerializeMedium(this);
}
catch (Exception ex)
{
//if fails, invoke the base method
try
{
return base.LoadPageStateFromPersistenceMedium();
}
//if fails too, returns the principal exception
catch
{
throw ex;
}
}
}

protected override void SavePageStateToPersistenceMedium(object viewState)
{
serializador.SerializeMedium(this, viewState);
}

#endregion

protected void Page_Load(object sender, EventArgs e)
{
Response.Expires = -1; //important ?!
}

protected void on_row_command(object sender, GridViewCommandEventArgs e)
{
switch (e.CommandName)
{
case "Update":
// i am never getting here. if the grid is inside formview
break;
}
}
}
}