在ASP中使用Viewstate的目的是什么.网 [英] What's the purpose to use Viewstate in asp. net

问题描述

据说Viewstate用于保留请求之间的状态，但是让我们有一个这样的场景:我有一个以0开头的文本框，以及一个用于增加+1的按钮.步骤如下:

It is being said that Viewstate is used to retain state between request, but let's have a scenario like this: I have a textbox starts with 0, and a button to increment +1. Below are steps:

1. 最初是获取页面的获取请求，因此文本框中的文本为0.

1. Initially it was a get request to get the page, so the text in the textbox is 0.

我单击了按钮，值0正在回发到服务器.

I clicked the button, the value 0 was being postback to the server.

服务器上事件处理程序中的方法将值增加1，然后将值1发送到我的浏览器.

The method in the event handler on the server increment the value by 1, then value one is sent to my browser.

现在1正在显示在我的浏览器的文本框中，然后再次单击该按钮，将1重新发送到服务器

Now the 1 was being displayed in the textbox on my browser, and I clicked the button again, 1 is sent to the server again

与步骤3相同，然后我将在文本框中显示2.

Same as step 3, and then I will have 2 displayed in the textbox.

如您所见，我不需要使用Viewstate来记住"上一个请求中的值，我知道asp.net中的文本框默认情况下将使用Viewstate，即使enableviewstate设置为false，也可以忽略它，在我的示例中使用viewstate的目的是什么?

As you can see, I don't need to use Viewstate to "remember" values in previous request, I know textbox in asp.net will use Viewstate by default even though enableviewstate is set to be false, so just ignore that, whatz the purpose of using viewstate in my example?

推荐答案

离题:

请注意，您询问的是ASP.NET WebForms，现已有效弃用.它是ASP.NET中的抽象层，旨在使设计有状态数据输入通过模仿VB6和WinForms的工作方式(带有服务器端事件"和控件")来轻松实现网页("Web表单")，但是它非常 ASP.NET Core甚至不支持WebForms (以前称为ASP.NET 5)).

Digression:

Note that you're asking about ASP.NET WebForms, which is now effectively deprecated. It's an abstraction layer in ASP.NET which was meant to make designing stateful data entry web-pages ("web forms") easy by mimicking how VB6 and WinForms works (with "server-side events" and "controls"), however it is a very leaky abstraction which falls apart whenever you need precise control of the web-application which is why WebForms is not popular today and why ASP.NET MVC has taken its place (and WebForms isn't even supported by ASP.NET Core (formerly known as ASP.NET 5)).

正如您所观察到的，直接回发到服务器的值(因为它们位于< input/> 元素内)根本无法从ViewState中受益-但是是ASP.NET WebForms的控件具有许多属性和值，这些属性和值不会包含在它们自己的< input/> 元素中，例如(例如)< asp:Label> 的 Text =" 属性:

As you've observed, values which are directly POSTed back to the server (because they're inside <input /> elements) do not benefit from ViewState at all - however ASP.NET WebForms' Controls have many properties and values which will not be contained within their own <input /> element, such as (for example) <asp:Label>'s Text="" property:

我将说明:

MyPage.aspx:

MyPage.aspx:

<form runat="server">
    <p>Name: <input runat="server" id="name" type="text" /></p>
    <p>Special message: <asp:Label runat="server" id="message" /></p>
    <asp:Button runat="server" id="submit" text="Set name" />
    <asp:Button runat="server" id="somethingElse" text="Submit form" />
</form>

MyPage.aspx.cs(代码隐藏"页面):

MyPage.aspx.cs ("code-behind" page):

protected override void submit_ServerClick(Object sender, EventArgs e) {

    this.message.Text = "Congratulations to " + this.name + ", our 1,000,000th customer!"; // https://www.youtube.com/watch?v=suyQ44rRL5M
    this.name.Text = "";
}

1. 如果用户在< input id ="name"/> 文本框中输入他们的姓名
2. 然后单击设置名称"按钮
3. 然后它们的名称将出现在< asp:Label id ="message"/>
4. (代码还将清除输入的名称)
5. 然后，如果用户单击提交表单"按钮而没有再次输入其名称，则< asp:Label/> 将保留显示的消息-即使他们的姓名从未出现过< input/> 元素中的一个！

1. If the user enters their name in the <input id="name" /> textbox
2. then clicks the "Set name" button
3. then their name will appear in the <asp:Label id="message" />
4. (the code also clears the name input)
5. then if the user clicks the "Submit form" button without entering their name again, the <asp:Label /> will retain the displayed message - even though their name was never in any of the <input /> elements!

之所以可行，是因为实际上在隐藏的 __ VIEWSTATE 值内重新提交了标签的文本，并且为页面重建了该页面(在幕后，在ASP.NET内部)，再次渲染.

This works because the text of the label was actually resubmitted inside the hidden __VIEWSTATE value, and the page was reconstructed (behind the scenes, inside ASP.NET) for it to be rendered again.

这里是另一种看待方式:

Here's another way of looking at it:

C > S : client-to-server (web-browser to web-server)
S > C : server-to-client (web-server response to user's browser)

C > S - GET /MyPage.aspx (no form data)
S < C - OK                name="", __VIEWSTATE=""
C > S - POST /MyPage.aspx name="Foo", __VIEWSTATE=""
S < C - OK                name="", __VIEWSTATE="message.Text:\"Congratulations to foo, our 1,000,000th customer!\""
C > S - POST /MyPage.aspx name="", __VIEWSTATE="message.Text:\"Congratulations to foo, our 1,000,000th customer!\""
S < C - OK                name="", __VIEWSTATE="message.Text:\"Congratulations to foo, our 1,000,000th customer!\""

即使 name =" 字段在设置后被清除，原始提供的值("foo")仍保留在 __ VIEWSTATE 字段中.

Even though the name="" field is cleared after it's set, the original supplied value ("foo") is retained in the __VIEWSTATE field.

请记住，就客户端Web浏览器而言， __ VIEWSTATE 是一个不透明的blob:这是HMAC签名的Base64编码的字符串，使用者不能解码或读取，只能由服务器解码或读取.开发人员还可以启用 __ VIEWSTATE 值的加密(尽管默认情况下应启用IMO).它的工作方式类似于包含安全令牌的HTTP cookie.(ViewState与cookie不兼容，因为它特定于单个页面，而不是HTTP会话，并且通常可以达到 megabytes 的大小，但对于cookie来说还是太大了.)

Remember that __VIEWSTATE is an opaque blob as far as the client web-browser is concerned: it's a HMAC-signed Base64-encoded string that is not decoded or read by consumers, only by the server. Developers can also enable encryption of the __VIEWSTATE value (though this should have been enabled by default, IMO). It works similarly to a HTTP cookie that contains a security token. (ViewState is not compatible with cookies because it's specific to a single page, not a HTTP session, and it can often reach sizes in the megabytes which is too big for a cookie anyway).

我觉得WebForms是一个有趣的Web实验-但是它增加了很多不必要的复杂性，并且WebForms应用程序本来就不是RESTful的，这打破了许多关于Web的假设，我们现在可以认为这是理所当然的-例如，它几乎不可能通过简单的请求来自动化Web应用程序(例如，您将需要重播每个中间的viewstate-mutation请求)，并且如果只能通过WebForms回发来访问资源(例如，由于服务器端"事件处理程序")，那么它将破坏书签.一个特别严重的罪过是使用< asp:Hyperlink> 根本不是< a href ="> 而是会导致POST后进行HTTP重定向(通过链接的服务器端点击"事件处理程序中的 Response.Redirect ).

I feel WebForms was an interesting experiment for the web - but it added a lot of complexity which was arguably unnecessary, and WebForms applications were inherently non-RESTful, which broke many assumptions about the web that we can now take for granted - for example, it made it almost impossible to automate web-applications through simple requests (e.g. you would need to replay every intermediate viewstate-mutating request) and if a resource was only accessible via a WebForms postback (e.g. because of a "server-side event handler") then it would break bookmarks. One particularly egregious sin was the use of <asp:Hyperlink> that wasn't an <a href=""> at all, but would instead cause a POST followed by a HTTP Redirection (via Response.Redirect in the link's "server-side click" event handler).

这篇关于在ASP中使用Viewstate的目的是什么.网的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！