Client Side State Management : Hidden Field

Hidden fields are html input controls with type as hidden type store hidden data in the html. Hidden fields are not displayed on the web browser, but if you view source, you can see both the hidden field and it’s value. Not very secure. They do allow you to post information to other pages, or back to the same page.so you can’t srore sensitive data in hidden fields.

System.Web.UI.WebControls.HiddenField and System.Web.UI.HtmlControls.HtmlInputHidden are two types on hidden control available in asp.net
Use Hidden Field when need to post small amout of data post back to it self.

Hidden Fields advantages :

• Almost all browsers support hidden fields.
• Using hiddenfield data is stored on html page,so no server resources are required, if it is of type html input type.

Hidden Fields having some drawbacks also :

• Using large no of hidden field will increase the HTML page size, so loading of page becoming slower.
• As we can able to view HTML page source, we can abel to see hidden field value so no securtiy.
• we can only able to save single value in hidden field , not able to save structured data like dataset etc.

Client Side State Management : ViewState

Client Side State Management : ViewState

What is ViewState:

ASP.NET page by default uses ViewState on the page to preserve page and control property values between round-trips. When each page

is processed, the ASP. NET engine hashes the current state of the page and each control on the page into a string and passes the string to

the client browser in a hidden field. When the client posts the page back to the server, ASP.NET parses the hidden field during page

initialization and restores the page and control values back to their prior state.

ViewState is the way in the .Net by which page state (information) is maintained between page postbacks, means. web form is submitted

by the user, this same page performs some processing and perhaps presents further information
ViewState allows the state of objects (serializable) to be stored in a hidden field on the page. ViewState is transported to the

client and back to the server, and is not stored on the server or any other external source. ViewState is used the retain the state of

server-side objects between postabacks.

AS Viewstate is enabled by default in asp.net page , you can able to see viewstate field ion the source of the page
like given below

<input type=”hidden” name=”__VIEWSTATE” id=”__VIEWSTATE”

value=”/wEPDwUJNTYxMjM4MTU3ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUsY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyX01haW5Db250ZW50JFJhZEJ1dDEFLG

N0bDAwJENvbnRlbnRQbGFjZUhvbGRlcl9NYWluQ29udGVudCRSYWRCdXQxBSxjdGwwMCRDb250ZW50UGxhY2VIb2xkZXJfTWFpbkNvbnRlbnQkUmFkQnV0MgUsY3RsMDAkQ29udGVudFB

sYWNlSG9sZGVyX01haW5Db250ZW50JFJhZEJ1dDIFLGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcl9NYWluQ29udGVudCRSYWRCdXQzBSxjdGwwMCRDb250ZW50UGxhY2VIb2xkZXJfTWFp

bkNvbnRlbnQkUmFkQnV0NAUsY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyX01haW5Db250ZW50JFJhZEJ1dDQFLGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcl9NYWluQ29udGVudCRSYWRCd

XQ1BSxjdGwwMCRDb250ZW50UGxhY2VIb2xkZXJfTWFpbkNvbnRlbnQkUmFkQnV0NYyjVbeWmsKxw68mHT1S/NSpfWXM” />

ViewState is available for Page & Server Controls ( by default activated ) can be handled as follows :
For Page
<%@ Page EnableViewState=”false” %>

For Control eg TextBox
<asp:TextBox id=”tbxTrial” Text=”Trial” runat=”server” EnableViewState=”false” />

For GridView
<asp:GridView ID=”GridView1″ EnableViewState=false runat=”server”>
</asp:GridView>

ViewState to store any object as long as it is serializable with no limitation on Size of object.

we can also save viewstate as like in HashTable Values as key-value pair

ViewState(“pageValue”) = value

and can be retrieved as

textBox.text = ViewState(“pageValue”)

There can possibility that Viewstate can be tampered , so to protect the viewstate from tampering ViewState is encoded using a hash code

using MD5 algorithm.On postback ASP.NET checks the encoded ViewState to verify it has not been tampered with. This is called a machine

authentication check it can be activated by using EnableViewStateMAC attribute as follows.
<%@ Page EnableViewStateMac=”true”%>
similar can be done with the controls also.

and encryption alogrithm mentioned in & can be changed in Machine.Config file.

Advantages of using ViewState

1. No server resources required
2. Simple implementation , There is no need to write possibly complex code to store form data between page submissions.It is possible to

enable, configure, and disable ViewState on a control-by-control basis, choosing to persist the values of some fields but not others.

1. Automatic retention of page and control state
2. Enhanced security features. The values in view state are hashed, compressed, and encoded for Unicode implementations.
3. Viewstate has advantages the other 3 methods don’t have. One of the most important is the ability of viewstate to support structured data.This means that control values are maintainable across page postbacks.

This means that control values are maintainable across page postbacks.

Disadvantages:

1. Performance. The view state is stored in the page itself, so increase the page size.
2. Security. The view state is stoed in a hidden field on the page. Although view stateores data in a hashed format, it can be tampered with.
3. Does not track across pages. ViewState information does not automatically transfer from page to page.
4. Because the view state for a given page must be kept on the server, it is possible for the current state to be out of synchronization with the current page of the browser, if the user uses the Back feature on the browser to go back in the history.For example, suppose the user goes to Page 1, then clicks a button to go to Page 2, then presses Back to return to Page 1. The current page on the browser is now Page 1,but the current state on the server is that of Page 2.