How to make ViewState secure in ASP.NET ?

The ASP.NET ViewState is a client side state management.  ViewState is stored in hidden field with ID named __VIEWSTATE. Typically, stored ViewState information  looks as below:

image 

Now let us look at the value. It looks likes an encrypted string. This is nothing but Base64 Encoded string and it is not an encrypted string.  So it can be easily decoded.

The main reasons for making it Base64 encoding are as follows:

1.  Base64 makes a string suitable for HTTP transfer

2. It makes it a little harder to read .

But people often get confused that this is an encrypted string.

Continue reading

Details explanation on Compression Enabled Session for SQL Server and State Sever Session Mode in ASP.NET 4.0

While we are talking about state management we consider Session is one of  most useful server side  state management mechanism for a web application.  In ASP.NET mainly we are having two type of state management  1. In Process  and 2. Out Process . In process is the by default session imagestorage mode for ASP.NET Web application and this is taken care by worker process in IIS. When it comes under Out Process we can use either of state server or SQL Server to persist session data. In case of In Process, session data stored in In memory of worker process. But when we are talking about OutProc session mode, we need to ensure that session data should be Serializedfirst . So, when we are moving session data from Web Server to Out Process Server ( State Server or SQL Server ) it can be a performance overhead based on the size of data that we are storing in Session.

ASP.NET 4.0 comes with a new option for compressing the Session data with Out Process Session mode. To enabling this functionality we need to add “compressionEnabled=”true” attribute with the SessionMode in web.config .

Continue reading

Use shortcut key to generate GUID very quickly in Visual Studio

One of the common tasks involved in the development is GUID’s generation. This is even more frequent when we are working on a SharePoint solutions.  Even during writing unit test we need to imagegenerate  static GUID to validate data’s. Visual Studio comes with a tool called guidgen.exe  ( c:\program files (x86)\microsoft sdks\windows\v7.0a\bin\NETFX 4.0 Tools\guidgen.exe ) which is registered with visual studio as an external tool and invoked from Tools > Create GUID. But whenever you need an unique static GUID you have to navigate to tool and copy the ID evertime. Last few days of my development involved with lots of GUID generation where I found it’s taking time to generate so many guid’s. So, I came up with an small approach  where we can generate a GUID by  just pressing some shortcut key. Behind the seen I wrote a macro for the same and  that is being triggered with the key press.

Continue reading

Programmatically Changing Session State Behavior in ASP.NET 4.0

Session is one of most important state management in ASP.NET. We can enable or disabled session state either in web.config or using @Page directive’s   EnableSessionState attributes. But there was no provision to change the session state at runtime till date in ASP.NET. But using  ASP.NET 4.0, we can change the session  state programmatically . The .NET 4.0 framework adds a new method SetSessionStateBehavior  to the HttpContext class for ASP.NET. This method required SessionStatebehavior  value to set the current session mode. To call SetSessionStateBehavior   simply create a new HttpModule by Implementing IHttModule and hook the BeginRequest event. Most important you can only use the SetSessionStateBehavior  until the AcquireRequestState event is fired, because AcquireRequestState  Occurs when ASP.NET acquires the current state  that is associated with the current request

While calling SetSessionStatebehavior, You can pass the following values as SessionStatebehaimagevior  :

  • Default: This is default setting which means  everything works as before
  • Disabled: Turned of Session Sate for Current Request.
  • ReadOnly: Read only access to Session State;
  • Required: Enabled session state for both Read and Write Access;

Continue reading

When we can use HttpContext.Current.Items to stores data in ASP.NET?

To answer this question In a single statement, you can use HttpContext.Current.Items for very short term storage. By Short term storage means, this data is valid for a single HTTP Request.  There are many confusion around regarding storing data in HttpContext.Current.Items and storing data in Session variable. In this blog post I am going to describe what are the different scenarios where we can use HttpContext.Current.Items and what is the exact difference with session variable.

Items collections of HttpContext is and IDictionary key-value collections and that are shared across a single HTTPRequest. Yes, HttpContext.Current.Items  valid for  a single HTTPRequest.  Once after processing, server  information  is sent back to the browser, the variables that were set in the Items[] collection will lost. Where as for Session Variable, information valid for multiple request as this is user specific. The session variable only  expires either on Session Time Out or explicitly clear the values.

Continue reading

Exception Occurred ? – Get Troubleshooting tips from your favorite blogs

In this blog post, I am going to share a quite interesting tips, where you can customize the “Exception Assistant” in visual studio.  I have explained how we can use this features for an custom exception class, where we want to provides custom or additional help information . As an example, I have shown how we can set some favorite blogs urls in troubleshooting tips section.

image

Continue reading

Code Project Most Valuable Professional (MVP ) – 2011

MVP I have received an MVP Award for 2011 from Codeproject.com . This is my third time in a Row I am receiving the prestigious award from CodeProject. I have been awarded MVP from Codeproject  for my article  contribution and the responding to the technical answer in ASP.NET and C# Forums .

I would like to congratulate to all the Code Project  MVP -  2011

You can find the list of all MVP’s from Code Project MVP 2011

Thanks to all of you for  support and great feedbacks on my posts.

Tips from Daily .NET Tips – Week 1

Here is the quick reference of Week 1 .NET Tips from http://dailydotnettips.com .

Generate Method Stubs using Shortcut Key in Visual Studio

In this tips I have shown how you can generate a method stub using shortcut key

Calling Methods From Watch Window

From this tips you will get to know how you can call a method from watch window

Conditional Breakpoints with Method Calling in Visual Studio

Know how you can use some return value from a method with in conditional breakpoints.

Know when your application pools recycling in IIS 7.5 – Log an entry in Event Viewer while recycling

In this tips you will learn how you can log information in event viewer whenever application pool getting recycle

How to count number of active session for State Server Session Mode ?

Know how to count number of active session from State Server session using Performance Monitor tool

How to calculate Session data size for SQL Server session mode?

In this tips I have show, how you can calculate the session data size in SQL Server Session mode.

 

To learn daily .NET Tips like this, visit http://dailydotnettips.com and follow @DailyDotNetTips

Thanks !

AJ