State Management Technique-View State

Monday, May 16, 2011


Hi guys, today I am going to tell you about view state.

What is view state in ASP.NET?

View state is a mechanism to preserve data across postbacks.

Where does view state reside?

View state resides within the page, in a hidden field named __VIEWSTATE, as an encoded string.
Whenever you request a page, the web server processes the request and sends a response with the aspx page; during this process the view state is decoded and sent to the client's browser.

Why use view state?

If you want to preserve your information across postbacks, you need to use view state. Let me explain how. Suppose you bind a drop-down with items fetched from the database. If you do this every time the page is posted back, that is, on each fresh HTTP request, you slow the page down, because each time you hit the database, retrieve all the records and bind them. Instead, bind the records only on the first HTTP request and let view state supply them on all later requests. You can do this as follows:

if (!Page.IsPostBack)
{

//your db stuff here.

}

Now, if your page is posted back again and again, you don't need to perform the db stuff.

EnableViewState: if you set this attribute to true in the page directive, view state is enabled for the whole page; for a specific control you can set it to false or true.

What is the role of EnableViewStateMac? MAC stands for message authentication code. Let's understand the use of EnableViewStateMac with an example. Suppose a form asks for a credit card number, someone has enabled view state on this field, and you fill in the form in the usual way and check out. Afterwards someone decodes the view state string and fills in the form again: he now has your credit card number, because he decoded the string, and the other fields are set to his own values. The message authentication code compares both strings, and if a difference is found (as in our case) the whole view state is replaced with the older one, so this attack will not affect the transaction.

Can view state be encrypted? Yes. By setting validation to 3DES (an encryption algorithm) in the machine key (inside the system.web element in web.config) you can have your view state encrypted. The benefit is that it cannot be decrypted without the decryption key.

An example of a machine key:

<machineKey validation="3DES|SHA1|MD5" decryptionKey="..." validationKey="..." />
The validation key is used to validate the view state and determine whether the view state has been tampered with.

  • (SHA1 and MD5 are hash algorithms, but SHA1 generates a longer string, so it is preferable.)


Persistent machine key: suppose you are in a web farm scenario where the app is hosted on more than one server, say two servers, A and B. Users are not aware of whether a response comes from web server A or B. When the view state is decrypted on server A it is served to the user, but when some part of the app is served from server B, B's dynamically generated decryption key/validation key will not decrypt/validate the view state, and hence a ViewState_Error will occur. To avoid this error, use a persistent machine key.
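
The tamper check and the web farm key mismatch described above, as an added C# console example that is not code from the original post. It is a simplified model, not ASP.NET's real __VIEWSTATE format; HMAC-SHA256, the key sizes and the sample state string are assumptions chosen for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Simplified model of a MAC-protected hidden field (NOT the real __VIEWSTATE
// wire format). It shows what the validation key is for.
static class ViewStateMacDemo
{
    const int MacLength = 32; // HMAC-SHA256 output size in bytes

    // Server, when rendering: append HMAC(validationKey, state), then Base64-encode.
    static string Protect(string state, byte[] validationKey)
    {
        byte[] data = Encoding.UTF8.GetBytes(state);
        using (var hmac = new HMACSHA256(validationKey))
            return Convert.ToBase64String(data.Concat(hmac.ComputeHash(data)).ToArray());
    }

    // Server, on postback: recompute the MAC and reject the field on any mismatch.
    static bool TryValidate(string field, byte[] validationKey, out string state)
    {
        state = null;
        byte[] raw;
        try { raw = Convert.FromBase64String(field); } catch (FormatException) { return false; }
        if (raw.Length < MacLength) return false;
        byte[] data = raw.Take(raw.Length - MacLength).ToArray();
        byte[] sent = raw.Skip(raw.Length - MacLength).ToArray();
        byte[] expected;
        using (var hmac = new HMACSHA256(validationKey)) expected = hmac.ComputeHash(data);
        int diff = 0; // compare every byte so timing does not reveal where the mismatch is
        for (int i = 0; i < MacLength; i++) diff |= expected[i] ^ sent[i];
        if (diff != 0) return false;
        state = Encoding.UTF8.GetString(data);
        return true;
    }

    static void Main()
    {
        byte[] keyA = new byte[64], keyB = new byte[64]; // constructed per-server keys
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(keyA); rng.GetBytes(keyB); }
        string field = Protect("qty=1;price=100", keyA); // constructed sample state
        byte[] raw = Convert.FromBase64String(field);
        raw[raw.Length - MacLength - 1] ^= 1; // client flips one bit of the state
        string s;
        Console.WriteLine("untouched, key A: " + TryValidate(field, keyA, out s));
        Console.WriteLine("tampered,  key A: " + TryValidate(Convert.ToBase64String(raw), keyA, out s));
        Console.WriteLine("untouched, key B: " + TryValidate(field, keyB, out s));
    }
}
```

The third check is the web farm case: server B, holding its own generated key, rejects a field that server A issued, and only a key shared by both servers makes it validate.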

Extension methods -asp.net mvc

Wednesday, May 4, 2011


Extension Methods in asp.net mvc

Why use an extension method?

Well, in a simple statement I would say extension methods are used to get rid of writing HTML source code for views in ASP.NET MVC.

Let's take an example.

Suppose you are building an HTML table with several rows and columns in a view,
e.g.:

<table><tr><td>...</td></tr></table>
Now you need to use this table structure in various places in your application, so instead of rewriting it, just create one extension method and put your structure there,
like this:

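using System;
using System.Web.Mvc;

namespace ExtensionMethods.Common
{
    public static class Helpers
    {
        // Extension method on HtmlHelper: callable from a view as Html.table(first, second).
        public static string table(this HtmlHelper helper, string itemfirst, string itemsecond)
        {
            // HTML-encode the cell values so markup inside the data is shown as text, not rendered.
            return String.Format("<table><tr><td>{0}</td></tr><tr><td>{1}</td></tr></table>",
                helper.Encode(itemfirst), helper.Encode(itemsecond));
        }
    }
}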
Note: a static class can only have static functions.
So now, when you use the table structure in your view, you just need to add the appropriate namespace; in my case this was
"ExtensionMethods.Common".

Now whenever you need this structure, just import the appropriate namespace and then call the extension method, passing the parameters to it.

And you will see the items within the table structure in your application.


outputcaching with authorize filter



Hi guys, after a long time I am back to blogging. Today I am going to explain how to use output caching with the Authorize filter.

For output caching you can refer to my previous blog post.
(Output caching is also a kind of filter.)

Filters in ASP.NET MVC:

Authorize filter
Runs before any action executes and authorizes the current user.
Action filter
Two methods overridden from the ActionFilterAttribute class:
OnActionExecuting: before the action is executed.
OnActionExecuted: after the action is executed.
Result filter
Two methods overridden from the ActionFilterAttribute class:
OnResultExecuting: before the result is executed,
e.g. when you return View() from any action, this method is executed before it.
OnResultExecuted: after the result is executed.

Exception filter
Runs whenever an action throws an exception.
The class for this filter is HandleErrorAttribute.

Note: a controller inherits from the ControllerBase class, in which the filter attributes are implemented, so ultimately your controller can also implement these attributes.
E.g.:

[Authorize]
your action..

Using output caching with the Authorize filter:

Problem:

If we use both of these filters, in the worst case even unauthorized users can view the cached content of authorized users. To avoid this we need to use a custom class which extends the AuthorizeAttribute class.

using System.Web.Mvc;

public class EnhancedAuthorizeAttribute : AuthorizeAttribute
{
    // When true, requests coming from the local machine skip the normal check.
    public bool AlwaysAllowLocalRequests = false;

    protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
    {
        if (AlwaysAllowLocalRequests && httpContext.Request.IsLocal)
            return true;
        // Fall back on normal [Authorize] behavior
        return base.AuthorizeCore(httpContext);
    }
}

[EnhancedAuthorize(Roles = "admin", AlwaysAllowLocalRequests = true)]
Now, this will grant login only for admin roles and not to any other role.

But I achieve this with the Authorize attribute,

eg:
 [Authorize(Roles="admin")]
 [OutputCache(Duration=30,VaryByParam="None")]

Note: Order is a property of the filter base class which defines the order of filter execution, but by default filters are put on a stack for execution, which means the last one will be executed first.
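
One way a hand-written authorization filter can avoid the cached-content problem described above, as an added example that is not code from the original post; RoleGateAttribute and ReportsController are hypothetical names. The built-in AuthorizeAttribute registers an equivalent cache validation callback itself (through OnCacheAuthorization), so the callback matters for filters that do not derive from it.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical custom authorization filter that stays correct when the action
// is also decorated with [OutputCache].
public class RoleGateAttribute : FilterAttribute, IAuthorizationFilter
{
    public string Role { get; set; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpContextBase http = filterContext.HttpContext;
        if (!IsAllowed(http))
        {
            filterContext.Result = new HttpUnauthorizedResult();
            return;
        }
        // A cached response is served by the output cache before MVC filters run,
        // so register a callback that repeats the check on every cache hit.
        HttpCachePolicyBase cache = http.Response.Cache;
        cache.SetProxyMaxAge(TimeSpan.Zero); // keep shared proxies from storing the page
        cache.AddValidationCallback(Revalidate, null);
    }

    // Called by the output cache for each request that would be answered from cache.
    private void Revalidate(HttpContext context, object data, ref HttpValidationStatus status)
    {
        status = IsAllowed(new HttpContextWrapper(context))
            ? HttpValidationStatus.Valid              // serve the cached copy
            : HttpValidationStatus.IgnoreThisRequest; // treat as a cache miss, run the filters
    }

    private bool IsAllowed(HttpContextBase http)
    {
        var user = http.User;
        return user != null && user.Identity.IsAuthenticated && user.IsInRole(Role);
    }
}

public class ReportsController : Controller
{
    [RoleGate(Role = "admin")]
    [OutputCache(Duration = 30, VaryByParam = "None")]
    public ActionResult Index() { return Content("admin-only report"); }
}
```

If the two cache lines in OnAuthorization are removed, the first admin request fills the cache and every request in the next 30 seconds is answered from it without the role check running again.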