ASP.NET handling viewstate and controls
Hi all.
lately I'm using less and less the ASP.NET controls and also turns off the viewstate in almost any page, in my opinion its easier to maintain your pages, you get more control over what happening and most importantly it gives a serious performance boost to large pages (no view state). I'm also using a lot of ajax in my projects (without the script manager / updatecontrol but via javascript) is anyone here working like this? is this bad practice ?
just curious to hear your opinions :)
Regards,
Motil.
Re: ASP.NET handling viewstate and controls
Hey,
ViewState can certainly be problematic, and part of that is down to the way it is handled within ASP.Net. i.e. you either have ViewState completely turned off at the site level, or you have it on, and then turn it off for particular controls on the page.
Going forward, with ASP.Net 4.0, that gets turned on it's head. Now, you can turn it off at the site level, and then turn it on for particular controls. Much better in my opinion.
It really comes down to a case by case basis, sometimes you simply can't achieve what you need without it, or without rolling your own implementation of it.
I don't think what you are doing would be regarded as bad practice, but rather an optimization.
Gary
Re: ASP.NET handling viewstate and controls
In alot of cases I find asp controls difficult or more complicated to work with javascript I have written or copied :) Like the way they change client id's and need to add a clientside JS event in code because they don't accept it in the design tag. As Gary says .net 4 is addressing alot of such issues and it's nice to know microsoft support their customers.
I don't use the ajax toolkit, I don't use providers for that matter either but I'm not saying I'd never use them I just perfer to implement the logic myself. As for viewstate I always try to design without it and use it when it doesn't matter because it makes life easy in those cases.
I wrote an email to a member of the .net team after first reading about MVC and how it gives complete control over what's rendered to the client. I said I aim for that with web forms and please consider customers like me in future releases and don't steer asp.net into an enviroment that depends on helper methods/code/script. He wrote back and said try MVC :) I think he was joking and am looking forward to working with .net 4 and VS 2010. For that matter I'm looking forward to my new dev machine which is long overdue.
Re: ASP.NET handling viewstate and controls
Thank you for the reply's Gary and brin351 its good to know i'm not "crazy" for not using ASP.NET controls/viewstate most of the time :). and just like you brin351 I'm using the viewstate only when it doesn't matter, the problem with ASP.NET controls is that my projects is usually so JS/AJAX dependent that i can't use 95% of the time which i don't care except when i need to use repeater for example, then i have two choices : use standard HTML control and use Literal in its ID property to for setting the ID programmatically or use the .NET control and banging my head later with js or jquery for getting the control i wanted... i don't like both ways.. adding literal looks like a chip trick for me (you need to put it between the id="<literal bla bla bla " )
i'm not agree with your statement "it's nice to know microsoft support their customers."
brin351, i really think they don't i still don't own vs2010 and didn't used the .NET 4.0 but i've already read about the the new way they "let us" decide if the controls id's will be static or not..
well.. you can set controls as static when they're outside repeater but when you use repeater or one of its kind the problem returns... they do give you some options... but you still get unwanted string in your controls IDs... so the problem is only 50% solved.. they knew how big this problem is for developers so why not to provide a real total fix ? oh well.. maybe in .NET 5 :D
thanks again for the replies
Re: ASP.NET handling viewstate and controls
Quote:
Originally Posted by
brin351
I wrote an email to a member of the .net team after first reading about MVC...
Ok, who did you right to? :)
Re: ASP.NET handling viewstate and controls
Quote:
Originally Posted by
motil
i'm not agree with your statement "it's nice to know microsoft support their customers."
brin351, i really think they don't i still don't own vs2010 and didn't used the .NET 4.0 but i've already read about the the new way they "let us" decide if the controls id's will be static or not..
well.. you can set controls as static when they're outside repeater but when you use repeater or one of its kind the problem returns... they do give you some options... but you still get unwanted string in your controls IDs... so the problem is only 50% solved.. they knew how big this problem is for developers so why not to provide a real total fix ? oh well.. maybe in .NET 5 :D
I kind of agree with you. I think they almost have it, but not quite.
I haven't personally played with it yet, but I have seen a demo, and basically what I took from the demo was that you are now in a position where you can reliably "predict" what the ClientID of a control is going to be. As a result, you don't have the same reliance on getting the ClientID from the server, but rather, you are now able to "infer" the ID on the client.
I will be playing with this soon though, have a new project coming up, and this is one of the first things I will be testing.
Oh, and motil, you know you can still grab the 2010 Express Edition's, right. They are free, and you can install them side by side with other Visual Studio instances.
Gary
Re: ASP.NET handling viewstate and controls
Hi Gary
just as brin351, I'm about to buy my new development machine in the following weeks and with that i will also buy vs2010 so i rather wait :).
just quick question why don't you upgrade your current project to .NET 4.0?
Re: ASP.NET handling viewstate and controls
How long have you got? That is a long story.
My current asp.net web site, which is down just now, runs on a linux operating system using the Mono framework. This works really well for .Net 2.0 websites, and Mono isn't quite there yet when it comes to .Net 4.0. As a result, I can't do a straight up upgrade.
What I am currently looking into is a new web site for something I am starting, and I am going to host that using either jodohost or softsys, so as a result, I can use the latest and greatest the .Net Framework has to offer.
What new hardware are you getting? I bet I am going to be jealous :)
Gary
Re: ASP.NET handling viewstate and controls
I still not fully know, i only decided to get new computer few days ago (i'm thinking about it for a long time) i will consult with the guy that provide computers to our company and see what he suggesting, once i get the cpu specification i will post them here for consulting. i need some help when comes to computer hardware.
right now my dev machine is intel dual core 2.8gh with 4g ram which I'm quite happy with but with vs2010 coming up which i want to work smoothly so decided to get new one.
Re: ASP.NET handling viewstate and controls
I bought windows server 2008 and my machine (Pentium dual core) blue screened while installing it. Fortunately I partitioned my drive to keep my current OS as well - like a multi boot set up. My new machine I think I'll go 64 bit because that seems to be the way MS are progressing. I'm also waiting to buy VS 2010 at the same time so with all that money spent I should be up to date for at least a few months :(
I too get a bit down on Microsoft when I think things could be done better. I watched a couple webcast videos on the challenges they face when releasing new versions of .net etc and the consideration for legacy apps such as a .net 2.0 site I make are huge. For example to prevent the app breaking or allow it to be upgraded. Better them that me, so I've mellowed a bit on that score. My wife on the other hand thinks they're a bunch of idiots and I sympathize with her. She is an artist and says what I do is talk in squiggle.
Quote:
Originally Posted by brin351
I wrote an email to a member of the .net team after first reading about MVC...
Quote:
Gary
Ok, who did you right to?
I had a look through my emails but it was too long ago. It was when MVC was first being released and I was studying the MS blogs/videos so I don't know who it was but it was nice of them not to be to busy or important to respond.
Oh that was a joke, I get it, honestly I emailed Mr Gates who was so impressed that he invited me to the ranch to play Nintendo er xBox.
Re: ASP.NET handling viewstate and controls
Quote:
Originally Posted by
brin351
She is an artist and says what I do is talk in squiggle.
I get that too!! :)
Quote:
Originally Posted by
brin351
I had a look through my emails but it was too long ago. It was when MVC was first being released and I was studying the MS blogs/videos so I don't know who it was but it was nice of them not to be to busy or important to respond.
Oh that was a joke, I get it, honestly I emailed Mr Gates who was so impressed that he invited me to the ranch to play Nintendo er xBox.
The reason that I ask is that I recently attended a talk about VS2010 hosted by Scott Guthrie. Following the event, I followed up with an email, and I actually got a response, which I was actually surprised at, I can only imagine the amount of email that he gets!!
Re: ASP.NET handling viewstate and controls
Quote:
The reason that I ask is that I recently attended a talk about VS2010 hosted by Scott Guthrie. Following the event, I followed up with an email, and I actually got a response, which I was actually surprised at, I can only imagine the amount of email that he gets!!
It may have been Scott Guthrie but I can't remember, I too was supprised to get a response as I was not expecting one. I find it interesting that most people at the top of their field are also good people.
Re: ASP.NET handling viewstate and controls
Absolutely. I was very surprised when I saw him in person, he was very down to earth, and very helpful!! I was great to see.
Re: ASP.NET handling viewstate and controls
Quote:
Originally Posted by
motil
i've already read about the the new way they "let us" decide if the controls id's will be static or not..
well.. you can set controls as static when they're outside repeater but when you use repeater or one of its kind the problem returns... they do give you some options... but you still get unwanted string in your controls IDs... so the problem is only 50% solved..
Static Control IDs can be controlled by you even in repeater type controls. You set the ClientIDMode to Predictable, and then assign an ID to the control that you're using in the template field. It doesn't have the ctl00 etc in it.
However, I don't see why that's such a problem - if you're writing JS to talk to those controls, you could always get the .ClientID in the codebehind and generate your JS without having to ever write 'ctl00' anywhere.
Re: ASP.NET handling viewstate and controls
Quote:
Originally Posted by
motil
Hi all.
lately I'm using less and less the ASP.NET controls and also turns off the viewstate in almost any page, in my opinion its easier to maintain your pages, you get more control over what happening and most importantly it gives a serious performance boost to large pages (no view state). I'm also using a lot of ajax in my projects (without the script manager / updatecontrol but via javascript) is anyone here working like this? is this bad practice ?
just curious to hear your opinions :)
Regards,
Motil.
It really depends. On the site. We're not using ASP.NET AJAX but regular ajax because we do the JS ourselves and it's faster and lighter than a ridiculous UpdatePanel partial-postback just to change a single label.
On the other hand, it's easy to get carried away with ajax and start putting business logic in there, which is why I consider it bad practice. Ajax/JS should be used to enhance the site rather than become a fixture of it - but that's subject to the target audience. If this is some sort of a secure site that requires a login or that takes my login details or personal details, the first thing I'd do is to look for the bits of JS that call web services and start hacking away at it. For purely academic purposes of course. So the point is, always be aware of security. The moment you use a pagemethod or web service and call it via JS, it's a public web service.
Re: ASP.NET handling viewstate and controls
Also, regarding viewstate - it's really up to the developer how large it grows and it's also what sets a regular developer apart from a good developer. Knowing when to use viewstate, disabling it when not needed, and so on. So you basically use viewstate when you need viewstate. Quite simple, but not necessarily convenient :p
Re: ASP.NET handling viewstate and controls
Quote:
Originally Posted by
mendhak
However, I don't see why that's such a problem - if you're writing JS to talk to those controls, you could always get the .ClientID in the codebehind and generate your JS without having to ever write 'ctl00' anywhere.
yes you can but it still makes things more complicated then it should, you then need to start passing those IDs around if you using more then one JS function and there is more limitations, As i said i still didn't got the chance to play with the new ids system of .NET 4.0 framework so i might be dead wrong :)
Quote:
Originally Posted by
mendhak
It really depends. On the site. We're not using ASP.NET AJAX but regular ajax because we do the JS ourselves and it's faster and lighter than a ridiculous UpdatePanel partial-postback just to change a single label. .. [snip]
I truly love AJAX, it makes the web much more interesting and dynamic, i use it a lot with all my projects but never when it comes to logins or sensitive data information (well i DO check user name availability with AJAX).
as for mixing AJAX with BLL, i treat my AJAX methods just as any other method in my page, here is an example of one my uses with ajax, first i use the jquery library to call the web method:
Code:
var initSend = function(objID) {
var param = new Object();
param.Param1 = $("#SomeData").val();
param.Param2 = $("#SomeOtherData").val();
param.Param3 = SomeOtherInforamtion;
$.ajax({
async:true,
type: "POST",
url: "Default.aspx/MyWebMethod",
dataType: "json",
data: $.toJSON(param),
contentType: "application/json; charset=utf-8",
success: function(msg) {
result = msg.d;
// doing some cool stuff here
},
error: function(XMLHttpRequest, textStatus, errorThrown) {
// oh sh*t an error
}
});
}
as you see i use JSON for my paramaters, it's much more comfortable and i also heard it's more secure, but i must admit i still need to get better understanding regarding AJAX and security.
then i use the web method which is inside the source page :
Code:
[WebMethod(EnableSession = true)]
public static bool SendMessage(string Param1, string Param2, Param3)
{
bool someBool = true;
if(MyCustomClass.MyMethod(Param1) && MyCustomClass.MyMethod(Param2))
{
MyCustomClass inst = new MyCustomClass ();
int SomeInt = Convert.ToInt32(HttpContext.Current.Session["UserSession"]);
inst .Property1 = Param1;
inst .Property2 = Param2;
inst .Property3 = Param3;
MyCustomClass.SomeStaticMethod(inst);
}
else
{
someBool = false;
}
return someBool ;
}
here you go no need to mix the BLL with AJAX, you just treat it as any other method in your page.
and finally i will try to learn more about the viewstate and to use it when i should. right now it brings me more trouble and the feeling that i'm doing things the wrong way when using it.
Re: ASP.NET handling viewstate and controls
JSON more secure? lol :)
As long as it's visible, it's open, so whether you send it as json or xml or string, it's open for anyone to use. So in the example shown, as long as MyCustomClass.SomeStaticMethod isn't doing something too intensive or sensitive, you should be OK because a malicious end user that gets a hold of that may decide to call it in different ways, which is where the context comes in, it really depends on what the public pagemethods are doing.
Re: ASP.NET handling viewstate and controls
I've read somewhere that you can use JSON to be more secure, i think it was something with serialize it.. but yea i understand, no matter the method you use once you use js users can call your methods and even modified its variables, you can even do so through any browser address bar.
in addition to that, every single information you send and receive with ajax can easily be read by others(Firefox's FireBug anyone?)
thank you very much for pointing the security issue i will now be much more careful and will put much more thought when using ajax.