简体繁体 English

哪个最好使用ViewState或hiddenfield

[英]Which is best to use ViewState or hiddenfield

原文 2009-10-22 17:06:23 1 4 c#/ asp.net/ viewstate/ hiddenfield

I have a page in which I want to maintain the value of object between post backs. 我有一个页面，我想在后面保持对象之间的对象的价值。 I am thinking of two ways to maintain the value of objects 我正在考虑两种方法来维护对象的价值

Store the value in View Sate 将值存储在View Sate中

Store the value in hidden field 将值存储在隐藏字段中

which is best option to use based on performance 这是基于性能的最佳选择

4 个解决方案

Viewstate if you don't need to reference it in client side script. Viewstate，如果您不需要在客户端脚本中引用它。 A Hidden field if you do. 如果你这样做的隐藏字段。

Also consider that if the data is sensitive, the Viewstate is encrypted by default, whereas the hidden field, by default, stores it as plain text visible to anyone who knows how to view source. 还要考虑如果数据是敏感的，Viewstate默认是加密的，而隐藏字段默认情况下将其存储为知道如何查看源的任何人都可以看到的纯文本。

Edit 编辑

Per @Andrew Hare's note on his own answer, I'm editing this. 根据@Andrew Hare关于他自己答案的说明，我正在编辑这个。 It's an important enough distinction to note. 值得注意的是，这是一个非常重要的区别。 I'd hate for someone to think they were "safe" using the Viewstate based on my oversight. 根据我的疏忽，我讨厌有人认为他们使用Viewstate是“安全的”。

The Viewstate is NOT encrypted by default, it's stored as Base-64 encoding. Viewstate默认不加密，它存储为Base-64编码。 It can be decoded fairly easily, so using the Viewstate because it's encrypted by default is not valid. 它可以很容易地解码，因此使用Viewstate是因为它默认是加密的无效。 It's better than plain text, but not to anyone with the ability to google "decrypt Viewstate" or "decode Viewstate". 它比纯文本更好，但对任何能够谷歌“解密Viewstate”或“解码Viewstate”的人都没有。

So don't rely on the Viewstate to protect your hidden information in client side code. 因此，不要依赖Viewstate来保护客户端代码中的隐藏信息。

An article here tells how to encrypt it properly. 这里的一篇文章讲述了如何正确加密它。 (but also warns about performance issues). （但也警告性能问题）。

It doesn't really matter since ViewState is itself stored in a hidden input. 由于ViewState本身存储在隐藏输入中，因此无关紧要。 Use whichever one is easier for you. 使用哪个更容易。 If it were up to me I would choose ViewState since the ASP.NET runtime will handle the serialization and deserialization of your objects for you. 如果由我决定，我会选择ViewState，因为ASP.NET运行时将为您处理对象的序列化和反序列化。

我喜欢ViewState - 它更难被黑客攻击 - 一个讨厌的人可以轻易地将你的页面提交给你隐藏的字段中的坏数据

You want to store it in the View State. 您想将其存储在视图状态中。 Hidden fields can be updated on the browser, as they are meant to store information that can be manipulated on the client side. 隐藏字段可以在浏览器上更新，因为它们用于存储可以在客户端操作的信息。 The view state will be validated by asp.net against tampering, where you will have to do that with the hidden field yourself. 视图状态将由asp.net验证以防止篡改，您必须自己使用隐藏字段。