How to make ViewState secure in ASP.NET?

The ASP.NET ViewState is a client-side state management mechanism. ViewState is stored in a hidden field with the ID __VIEWSTATE. Typically, stored ViewState information looks as below:


Now let us look at the value. It looks like an encrypted string, but it is nothing more than a Base64-encoded string. It is not encrypted, so it can be easily decoded.

The main reasons for Base64 encoding it are as follows:

1. Base64 makes a string suitable for HTTP transfer.

2. It makes it a little harder to read.

But people often mistake it for an encrypted string.
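To make the point concrete, here is an added example (not code from the original post) that a reviewer can use to check whether a hidden-field value exposes readable data. The class name, the sample field names and the sample bytes are constructed for illustration; the sample is not a real page's serialized state.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class ViewStateReadabilityCheck
{
    // Decode a __VIEWSTATE-style Base64 value and return every run of
    // printable ASCII that is at least minLen characters long.
    public static List<string> ReadableRuns(string base64Value, int minLen)
    {
        byte[] raw = Convert.FromBase64String(base64Value); // no key involved
        var runs = new List<string>();
        var run = new StringBuilder();
        foreach (byte b in raw)
        {
            if (b >= 0x20 && b <= 0x7E)
            {
                run.Append((char)b);
                continue;
            }
            if (run.Length >= minLen) runs.Add(run.ToString());
            run.Clear();
        }
        if (run.Length >= minLen) runs.Add(run.ToString());
        return runs;
    }

    static void Main()
    {
        // Constructed sample: a few binary bytes around two text values,
        // Base64-encoded the same way the hidden field value is.
        var payload = new List<byte> { 0xFF, 0x01, 0x0F };
        payload.AddRange(Encoding.ASCII.GetBytes("CustomerEmail=alice@example.test"));
        payload.Add(0x05);
        payload.AddRange(Encoding.ASCII.GetBytes("DiscountPercent=15"));
        payload.Add(0x00);
        string hiddenFieldValue = Convert.ToBase64String(payload.ToArray());

        Console.WriteLine("Field value: " + hiddenFieldValue);
        foreach (string s in ReadableRuns(hiddenFieldValue, 4))
            Console.WriteLine("Readable:    " + s);
    }
}
```

If the check prints control values or field contents from a page's real __VIEWSTATE, that state is only encoded, and anything sensitive in it is visible to whoever receives the page.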


Detailed explanation of Compression Enabled Session for SQL Server and State Server Session Mode in ASP.NET 4.0

When we talk about state management, we consider Session one of the most useful server-side state management mechanisms for a web application. In ASP.NET there are mainly two types of session state storage: 1. In Process and 2. Out of Process. In Process is the default session storage mode for an ASP.NET web application, and it is handled by the worker process in IIS. With Out of Process, we can use either State Server or SQL Server to persist session data. In the In Process case, session data is stored in the memory of the worker process. But with the OutProc session mode, we need to ensure that session data is serialized first. So, when we move session data from the web server to the Out of Process server (State Server or SQL Server), it can be a performance overhead, depending on the size of the data that we are storing in Session.

ASP.NET 4.0 comes with a new option for compressing the Session data in Out of Process session mode. To enable this functionality, we need to add the compressionEnabled="true" attribute to the session state mode configuration in web.config.

Use shortcut key to generate GUID very quickly in Visual Studio

One of the common tasks in development is GUID generation. This is even more frequent when we are working on SharePoint solutions. Even when writing unit tests we need to generate static GUIDs to validate data. Visual Studio comes with a tool called guidgen.exe ( c:\program files (x86)\microsoft sdks\windows\v7.0a\bin\NETFX 4.0 Tools\guidgen.exe ) which is registered with Visual Studio as an external tool and invoked from Tools > Create GUID. But whenever you need a unique static GUID you have to navigate to the tool and copy the ID every time. The last few days of my development involved lots of GUID generation, and I found it was taking time to generate so many GUIDs. So, I came up with a small approach where we can generate a GUID by just pressing a shortcut key. Behind the scenes I wrote a macro for this, which is triggered by the key press.

Programmatically Changing Session State Behavior in ASP.NET 4.0

Session is one of the most important state management mechanisms in ASP.NET. We can enable or disable session state either in web.config or by using the @Page directive’s EnableSessionState attribute. Until now, however, ASP.NET had no provision for changing the session state at runtime. With ASP.NET 4.0, we can change the session state programmatically. The .NET 4.0 framework adds a new method, SetSessionStateBehavior, to the HttpContext class for ASP.NET. This method requires a SessionStateBehavior value to set the current session mode. To call SetSessionStateBehavior, simply create a new HttpModule by implementing IHttpModule and hook the BeginRequest event. Most importantly, you can only use SetSessionStateBehavior until the AcquireRequestState event is fired, because AcquireRequestState occurs when ASP.NET acquires the current state that is associated with the current request.

When calling SetSessionStateBehavior, you can pass the following values as the SessionStateBehavior:

  • Default: This is the default setting, which means everything works as before.
  • Disabled: Turns off session state for the current request.
  • ReadOnly: Read-only access to session state.
  • Required: Enables session state for both read and write access.
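The module described above could look like the following added example, which is not code from the original post. The module name, the path prefixes and the policy in Choose are hypothetical; the module still has to be registered in web.config.

```csharp
using System;
using System.Web;
using System.Web.SessionState;

// Hypothetical module name and policy, for illustration only.
public class SessionBehaviorModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // BeginRequest fires before AcquireRequestState, so the session
        // behavior for this request can still be changed here.
        app.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        context.SetSessionStateBehavior(Choose(context.Request));
    }

    // Give each request only the session access it needs.
    internal static SessionStateBehavior Choose(HttpRequest request)
    {
        string path = request.AppRelativeCurrentExecutionFilePath ?? "~/";
        StringComparison ci = StringComparison.OrdinalIgnoreCase;

        // Assumed layout: static content never touches session state.
        if (path.StartsWith("~/static/", ci))
            return SessionStateBehavior.Disabled;

        // Assumed layout: report pages only read what login stored.
        if (path.StartsWith("~/reports/", ci) && request.HttpMethod == "GET")
            return SessionStateBehavior.ReadOnly;

        // Assumed layout: account pages read and write session data.
        if (path.StartsWith("~/account/", ci))
            return SessionStateBehavior.Required;

        // Everything else keeps whatever web.config or @Page specifies.
        return SessionStateBehavior.Default;
    }

    public void Dispose() { }
}
```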

When can we use HttpContext.Current.Items to store data in ASP.NET?

To answer this question in a single statement: you can use HttpContext.Current.Items for very short-term storage. Short-term storage means that the data is valid for a single HTTP request. There is a lot of confusion about storing data in HttpContext.Current.Items versus storing data in a Session variable. In this blog post I am going to describe the different scenarios where we can use HttpContext.Current.Items and the exact difference from a session variable.

The Items collection of HttpContext is an IDictionary key-value collection that is shared across a single HTTP request. Yes, HttpContext.Current.Items is valid for a single HTTP request. Once the server has finished processing and the information is sent back to the browser, the variables that were set in the Items[] collection are lost. A Session variable, by contrast, is valid for multiple requests, as it is user specific. The session variable only expires on session timeout or when the values are explicitly cleared.

Exception Occurred? – Get Troubleshooting tips from your favorite blogs

In this blog post, I am going to share a quite interesting tip, where you can customize the “Exception Assistant” in Visual Studio. I have explained how we can use this feature for a custom exception class, where we want to provide custom or additional help information. As an example, I have shown how we can set some favorite blog URLs in the troubleshooting tips section.
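The request-only lifetime is easiest to see in a module that writes to Items when the request starts and reads the value back when it ends. This is an added example, not code from the original post; the module name, the key name and the trace output are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Web;

// Hypothetical module, for illustration only.
public class RequestIdModule : IHttpModule
{
    private const string RequestIdKey = "RequestIdModule.RequestId";

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
        app.EndRequest += OnEndRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        // Stored for this request only; nothing is written to Session,
        // so the next request from the same user starts without it.
        context.Items[RequestIdKey] = Guid.NewGuid();
    }

    // Pages, handlers and other modules in the same request can read it.
    public static Guid? CurrentRequestId(HttpContext context)
    {
        return context.Items[RequestIdKey] as Guid?;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        Guid? id = CurrentRequestId(context);
        // Same value that BeginRequest stored, because both events belong
        // to one request and therefore share one Items collection.
        Trace.WriteLine(string.Format("{0} {1} -> {2}",
            id, context.Request.RawUrl, context.Response.StatusCode));
    }

    public void Dispose() { }
}
```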


Code Project Most Valuable Professional (MVP ) – 2011

I have received an MVP Award for 2011 from CodeProject. This is the third time in a row I am receiving this prestigious award from CodeProject. I have been awarded MVP by CodeProject for my article contributions and for responding to technical questions in the ASP.NET and C# forums.

I would like to congratulate all the Code Project MVPs of 2011.

You can find the list of all MVPs at Code Project MVP 2011.

Thanks to all of you for your support and great feedback on my posts.

Video Webcast: 10 Tips you should know about “Watch Window” While debugging in Visual Studio

A few months back I published an article on 10 Tips you should know about “Watch Window” While debugging in Visual Studio, where I explained 10 useful tips on the watch window. Here I am sharing a quick video webcast on that.

My Blog 2010 in review by WordPress.Com

I just received a review email from the WordPress.com team on my blog for the year 2010. Sharing it with all of you!

Your 2010 year in blogging

Happy New Year from! To kick off the year, we’d like to share with you data on how your blog has been doing. Here’s a high level summary of your overall blog health:

Healthy blog!

The Blog-Health-o-Meter™ reads Wow.

We think you did great!

Tips from Daily .NET Tips – Week 1

Here is the quick reference of Week 1 .NET Tips from Daily .NET Tips.

Generate Method Stubs using Shortcut Key in Visual Studio

In this tip I have shown how you can generate a method stub using a shortcut key.

Calling Methods From Watch Window

From this tip you will get to know how you can call a method from the watch window.

Conditional Breakpoints with Method Calling in Visual Studio

Know how you can use a return value from a method within conditional breakpoints.

Know when your application pools are recycling in IIS 7.5 – Log an entry in Event Viewer while recycling

In this tip you will learn how you can log information in Event Viewer whenever an application pool is recycled.

How to count the number of active sessions for State Server Session Mode?

Know how to count the number of active sessions in State Server session mode using the Performance Monitor tool.

How to calculate Session data size for SQL Server session mode?

In this tip I have shown how you can calculate the session data size in SQL Server session mode.


To learn daily .NET Tips like this, visit Daily .NET Tips and follow @DailyDotNetTips

Thanks !