ViewState Serializer, Compressor & Encrypter

• Download ViewStateSerializerDemo.zip - 88.3 KB

• Download ViewStateSerializer_Sharp_VS2005.zip V1.1 - 4.7 KB

• Download ViewStateSerializer_Sharp_VS2005.zip V1.2 - 5.33 KB

Introduction

People be frustrated when seeing that in his forms the ViewState is enormous and consumes a bandwidth of madness when being filled with styles, controls, Grids, and that produce in the client a very long post time; solutions there are many here, from a simple compressor to a storage in Session/Cache.

This code can be said that he is one but that it makes east work, but this is the unique one that for of special form: it uses a special serializer to work with binary data.

A point will interest is the deficient scope security system of the ViewState, if it is possible to encrypt using a server key, but there are documents that say in a same server with 2 stores online, can be used encrypted ViewStates to cause frauds in the sale of products, the special way that has east code can make a unique key by session difficult to break.

Background

A lite portion of code is based in a simple ViewState compressor: ViewStateCompression

The compression engine uses the ICSharpCode SharpZipLib

This code only has tested in VB 7.1 (VS2003) not in VS2005 platform.

Using the code

I will not be centered in the Class by lack of time (I will do it), but will explain its conditions of use: (a wonderful way to know to learn with the code works it, is seeings the Demo ;) )

The Class can be use in 2 modes: inheritance & a class declaration, I recommend to use the inheritance mode, is the easiest way.

The inheritance mode is simple, replace

Public Class formTest1
    Inherits System.Web.UI.Page
    ... 

To:

Public Class formTest1
    Inherits ViewStateSerializer 
    ... 

& simply configure in Page_Load:

SetViewStateValues(EnCrypt As Boolean, Optimize As Boolean)

• EnCrypt: If is True, Turns On the Encryption algorithms, a random seed & key for each session will be created.
• Optimize: If is True, Turns On the algorithm of Binary Serialization, more larger than the other option, but you can add a large DataTable for example in ViewState. The standard Deserializer of .NET hand up the server in larges DataTables, this not :D
  

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

        Response.Expires = -1 'important ?!

        If Not IsPostBack Then
             SetViewStateValues(True, False) 'Configuration HERE ! 
         ...
        End If 
    ...
    End Sub 

The second way, simply place the code in any location of the Form Class:
The constructor format is the same of SetViewStateValues

#Region "Overrides Page: Compression / ViewState Cryptography"

    Dim SerialX As New TurboSerializer(True, False)

    Protected Overrides Function LoadPageStateFromPersistenceMedium() As Object
        Try
            Dim viewState As String = Request.Form("__VSTATE")
            Return SerialX.DeSerialize(viewState)
        Catch
            ...
            Return Nothing
        End Try

    End Function

    Protected Overrides Sub SavePageStateToPersistenceMedium(ByVal viewState As Object)
        Try
            RegisterHiddenField("__VSTATE", SerialX.Serialize(viewState))
        Catch
            ...
            RegisterHiddenField("__VSTATE", String.Empty)
        End Try
    End Sub

#End Region

Points of Interest

You can use deferents configurations in forms but, Please use in the Init configuration a constant parameters in the same form to prevent browser cache fails (Response.Expires = -1)

Now i write a table to help you to select a ViewState mode that you can use according to your necessities:

	Serialization	Deserialization	Compression	Amount of Data to use	Security	Indicated to:
ViewState normal:	Good	Bad (binary)	None	Use low Data	Low	Forms with low controls, Grids with paging
Serializer normal:	Good	Bad (binary)	Good	Mid proposes	Moderate	Grids with Viewstate turned On Without paging
Serializer optimized:	Regular	Regular	Regular	Grand Data (DataTable)	Moderate	ViewState with DataTables & Grids with paging or without the ViewState turned off

Notes About the Sharp VS2005 Version

This version uses the native compression of VS2005 (not need SharpZipLib)

The encryption now uses two levels of security, that generates two types of keys (the low mode uses a pseudo-random 3 times at day updatable keys for all sessions, the high is the old mode)

The V1.1 of this version is compatible with MS Ajax & MS Ajax Control Toolkit (the only one?)

NOTE: this uses a lot of hacks to do it; To do work, see how calls the code in the overrides section, is totally different to VB 7.x ver.

The Optimized mode not hardly tested, i don't check if works correctly in all cases

About the 1.2: This new version uses a new api to manage the load & save of ViewState, now is more compatible with FW 2.0 & Ajax; please see the annotation code of V1.2 for more information & usage!
remember that in this version you must check if ViewStateEncryptionMode="Never" is set to the engine can compress the ViewState data (encrypting makes a aleatory data that the engine can't compress it!)
If you use the code to compress all page, you're warned that in MS Ajax no works the method response.filter (Async Postback)

History

Posted the v1.2 Public Sharp VS2005 version (Now uses PageStatePersister: more easy, compatible & can use a PageAdapter) in 07/28/2008

Posted the v1.1 Public Sharp VS2005 version (MS Ajax support) in 01-12-2008

Posted the v1.0 Public Sharp VS2005 version in 08-30-2007

Posted the v1.0 Public version in 06-27-2007