What is the difference when using
- Hidden field vs View state?
- When to use each one ?
- Which one more secure?
- Whi开发者_运维百科ch is better in performance?
- what are the alternatives?
ViewState is stored in a hidden field and it contains information about the entire page. It can also be encrypted. Because the view state is always sent to the codebehind when performing Postbacks it is very practical as you always get the values. The drawback is that it can get really large if you start putting much information inside it and performance could start to suffer. For example in some AJAX requests you want to only send some small information to the server and if you used UpdatePanels the entire ViewState will be sent and it will contain information that is not necessary.
A hidden field can be viewed in a pages HTML source whereas ViewState is, to say the least, obfuscated and depending on your .net version, can be encrypted to varying degrees.
asp.net viewstate encryption
Hidden field will be better in performance but provides no security and if the post data can be manipulated, be a lot easier to change the ViewState.
Session variables are a good alternative to these.
ViewState
internally uses hidden field. It is managed by ASP.NET Engine
and is encrypted by default.
On the other hand, with hidden field control, you get to manage what is stored in it. By default, it's not encrypted.
Performance wise, both are same. But, I feel ViewState
is more secure. ASP.NET
maintains its hash to prevent/identify any tampering with it client side.
You can also use session to store data.
精彩评论