Click here to Skip to main content
6,294,871 members and growing! (17,879 online)
Email Password   helpLost your password?
Web Development » ASP.NET » General     Advanced License: The Code Project Open License (CPOL)

ViewState Serializer, Compressor & Encrypter

By ModMa

It's a very complete and robust processor of ViewState, it allows: to select the way of serializacion, compress and encryption optionally.
C# (C# 2.0), VB (VB 7.x), Windows, .NET (.NET 1.1, .NET 2.0), ASP.NET, Ajax, IIS 5.1, IIS 6, VS.NET2003, VS2005, Dev
Posted:27 Jun 2007
Updated:28 Jul 2008
Views:10,198
Bookmarked:17 times
Unedited contribution
Announcements
Loading...
 
Search    
Advanced Search
printPrint   Broken Article?Report       add Share
  Discuss Discuss   Recommend Article Email
7 votes for this article.
Popularity: 1.99 Rating: 2.35 out of 5
2 votes, 28.6%
1
2 votes, 28.6%
2

3
1 vote, 14.3%
4
2 votes, 28.6%
5

Introduction

People be frustrated when seeing that in his forms the ViewState is enormous and consumes a bandwidth of madness when being filled with styles, controls, Grids, and that produce in the client a very long post time; solutions there are many here, from a simple compressor to a storage in Session/Cache.

This code can be said that he is one but that it makes east work, but this is the unique one that for of special form: it uses a special serializer to work with binary data.

A point will interest is the deficient scope security system of the ViewState, if it is possible to encrypt using a server key, but there are documents that say in a same server with 2 stores online, can be used encrypted ViewStates to cause frauds in the sale of products, the special way that has east code can make a unique key by session difficult to break.

Background

A lite portion of code is based in a simple ViewState compressor: ViewStateCompression

The compression engine uses the ICSharpCode SharpZipLib

This code only has tested in VB 7.1 (VS2003) not in VS2005 platform.

Using the code

I will not be centered in the Class by lack of time (I will do it), but will explain its conditions of use: (a wonderful way to know to learn with the code works it, is seeings the Demo ;) )

The Class can be use in 2 modes: inheritance & a class declaration, I recommend to use the inheritance mode, is the easiest way.

The inheritance mode is simple, replace

Public Class formTest1
    Inherits System.Web.UI.Page
    ... 

To:

Public Class formTest1
    Inherits ViewStateSerializer 
    ... 

& simply configure in Page_Load:

SetViewStateValues(EnCrypt As Boolean, Optimize As Boolean)

  • EnCrypt: If is True, Turns On the Encryption algorithms, a random seed & key for each session will be created.
  • Optimize: If is True, Turns On the algorithm of Binary Serialization, more larger than the other option, but you can add a large DataTable for example in ViewState. The standard Deserializer of .NET hand up the server in larges DataTables, this not :D
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

        Response.Expires = -1 'important ?!

        If Not IsPostBack Then
             SetViewStateValues(True, False) 'Configuration HERE ! 
         ...
        End If 
    ...
    End Sub 

The second way, simply place the code in any location of the Form Class:
The constructor format is the same of SetViewStateValues

#Region "Overrides Page: Compression / ViewState Cryptography"

    Dim SerialX As New TurboSerializer(True, False)

    Protected Overrides Function LoadPageStateFromPersistenceMedium() As Object
        Try
            Dim viewState As String = Request.Form("__VSTATE")
            Return SerialX.DeSerialize(viewState)
        Catch
            ...
            Return Nothing
        End Try

    End Function

    Protected Overrides Sub SavePageStateToPersistenceMedium(ByVal viewState As Object)
        Try
            RegisterHiddenField("__VSTATE", SerialX.Serialize(viewState))
        Catch
            ...
            RegisterHiddenField("__VSTATE", String.Empty)
        End Try
    End Sub

#End Region

Points of Interest

You can use deferents configurations in forms but, Please use in the Init configuration a constant parameters in the same form to prevent browser cache fails (Response.Expires = -1)

Now i write a table to help you to select a ViewState mode that you can use according to your necessities:

Serialization Deserialization Compression Amount of Data to use Security Indicated to:
ViewState normal: Good Bad (binary) None Use low Data Low Forms with low controls, Grids with paging
Serializer normal: Good Bad (binary) Good Mid proposes Moderate Grids with Viewstate turned On Without paging
Serializer optimized: Regular Regular Regular Grand Data (DataTable) Moderate ViewState with DataTables & Grids with paging or without the ViewState turned off

Notes About the Sharp VS2005 Version

This version uses the native compression of VS2005 (not need SharpZipLib)

The encryption now uses two levels of security, that generates two types of keys (the low mode uses a pseudo-random 3 times at day updatable keys for all sessions, the high is the old mode)

The V1.1 of this version is compatible with MS Ajax & MS Ajax Control Toolkit (the only one?)

NOTE: this uses a lot of hacks to do it; To do work, see how calls the code in the overrides section, is totally different to VB 7.x ver.

The Optimized mode not hardly tested, i don't check if works correctly in all cases


About the 1.2: This new version uses a new api to manage the load & save of ViewState, now is more compatible with FW 2.0 & Ajax; please see the annotation code of V1.2 for more information & usage!
remember that in this version you must check if ViewStateEncryptionMode="Never" is set to the engine can compress the ViewState data (encrypting makes a aleatory data that the engine can't compress it!)
If you use the code to compress all page, you're warned that in MS Ajax no works the method response.filter (Async Postback)


History

Posted the v1.2 Public Sharp VS2005 version (Now uses PageStatePersister: more easy, compatible & can use a PageAdapter) in 07/28/2008

Posted the v1.1 Public Sharp VS2005 version (MS Ajax support) in 01-12-2008

Posted the v1.0 Public Sharp VS2005 version in 08-30-2007

Posted the v1.0 Public version in 06-27-2007

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

ModMa


Member
My life in programming has been long, begins from the 6 years of age with Basic, I have knowledge of C++, Javascript, ASP .NET, Cisco CCNA, among others.

One of my pastimes in the programming, is criptology and systems security

One of my recognized works is P2PFire, other smaller projects like utilities for Chats

In this moments I work in the projects Ficres Netherlands & Ficres France
Occupation: Web Developer
Company: Orizon
Location: Spain Spain

Other popular ASP.NET articles:

Article Top
You must Sign In to use this message board.
FAQ FAQ 
 
Noise Tolerance  Layout  Per page   
 Msgs 1 to 7 of 7 (Total in Forum: 7) (Refresh)FirstPrevNext
QuestionProblem with GridView inside FormView Pinmembersv20086:52 3 Feb '08  
GeneralRe: Problem with GridView inside FormView PinmemberManuel Soler (ModMa)4:53 4 Feb '08  
GeneralRe: Problem with GridView inside FormView Pinmembersv200812:04 10 Feb '08  
GeneralRe: Problem with GridView inside FormView PinmemberManuel Soler (ModMa)14:10 22 Feb '08  
Newsnext version soon... PinmemberManuel Soler (ModMa)1:12 18 Jul '08  
GeneralRe: next version soon... Pinmemberalhambra-eidos4:14 26 May '09  
GeneralRe: next version soon... PinmemberModMa8:21 26 May '09  

General General    News News    Question Question    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

PermaLink | Privacy | Terms of Use
Last Updated: 28 Jul 2008
Editor:
Copyright 2007 by ModMa
Everything else Copyright © CodeProject, 1999-2009
Web16 | Advertise on the Code Project