Some review and summary 2

6. ViewState:

On msdn: http://www.microsoft.com/china/msdn/archives/library/dnaspnet/html/Asp11222001.asp
How ViewState works

ViewState does not have any mysteries. It is a hidden form field managed by the ASP. NET page framework. When ASP. NET executes a page, the ViewState value and all controls on the page are collected and formatted into an encoding string, and then assigned to the value attribute of the hidden form field (that is). Because the hidden form field is a part of the page sent to the client, the ViewState value is temporarily stored in the browser of the client. If the client chooses to return the page to the server, the ViewState string will also be returned. In Figure 2 above, we can see the ViewState form field and its return value.

After the callback, the ASP. NET page framework parses the ViewState string and fills in the ViewState attribute for the page and each control. Then, the control uses the ViewState data to restore itself to the previous state.

There are three other minor issues worth noting about ViewState.

1. To use ViewState, you must have a server-side form tag (

Make full use of ViewState

ViewState provides a magic way to track the status of the control across backhaul, because it does not use server resources, does not time out, and applies to any browser. If you want to write controls, you must understand how to maintain the status in the controls ).

Developers can also use ViewState in almost the same way when writing pages, but sometimes the page contains the UI State values not stored by controls. You can track the value in ViewState. The programming syntax used is similar to the session and cache Syntax:

[C #]

// Save ViewState in ViewState ["SortOrder"] = "DESC"; // read string sortOrder = (string) ViewState ["SortOrder"] From ViewState;

See the following example: to display a project list on the Web page, each user needs to sort different lists. The project list is static, so you can bind these pages to the same cache dataset, And the sorting order is only a small part of the user's specific UI status. ViewState is very suitable for storing values of this type. The Code is as follows:

Select session status or ViewState?

In some cases, it is not the best choice to save the state value in ViewState. The most common alternative is session state, which is generally applicable:

• A large amount of data.ViewState increases the size of the page (HTML payload) sent to the browser and the size of the returned form. Therefore, ViewState is not suitable for storing a large amount of data.
• Security data not displayed in the UI.Although ViewState data has been encoded and can be encrypted, it is the most secure to never send data to the client. Therefore, session is a safer choice. (Because the database requires additional creden。 for verification, it is safer to store data in the database. You can add SSL to obtain a safer link .) However, if the private data is displayed in the UI, You should have confirmed the link security. In this case, placing the same value in ViewState does not reduce security.
• Objects not serialized to ViewState, such as DataSet.The ViewState serialization program is optimized only for a small part of common object types, as shown below. Other serializable types may be retained in ViewState, but the speed slows down and generates a very large ViewState.

	Session Status	ViewState
Use server resources?	Yes	No
Timeout?	Yes, 20 minutes later (default)	No
Are all. NET types stored?	Yes	No, only String, Integer, Boolean, Array, ArrayList, Hashtable, and custom TypeConverter are supported.
Add "HTML payload "?	No	Yes

Use ViewState for optimal performance

When ViewState is used, each object must be first serialized to ViewState, and then deserialized through callback. Therefore, ViewState is not a cost-effective method. However, if you follow some simple principles to control the ViewState cost, it usually does not have a significant performance impact.

• Disable ViewState if not required. This issue is described in the "reduce the use of ViewState" section below.
• Use the optimized ViewState serialization program. The types listed above have special serialization programs, which are fast to run and have been optimized to generate a small ViewState. To serialize a type not listed above, you can create a custom TypeConverter to significantly improve its performance.
• Minimize the number of objects in ViewState. For example, do not use a two-dimensional string array (name/value, the number of objects is the same as the length of the array), but use two string arrays (only two objects ). However, before the two known types are stored in ViewState, the conversion between the two types does not get any performance improvement, because this is actually equivalent to two conversions.

Reduce ViewState usage

By default, ViewState is enabled, and the content stored in ViewState is determined by each control (rather than page developers. Sometimes, this information is useless to applications. Although there is no harm, it will significantly increase the size of the page sent to the browser. Therefore, if you do not need to use ViewState, you 'd better disable it, especially when the ViewState is large.

You can disable ViewState based on each control, page, or application. ViewState is no longer required in the following cases:

Page	Widget
The page is not returned to itself.	It is not a control event. Controls do not have dynamic or data-bound property values (or they are set in code for each request ).

The DataGrid Control is a heavyweight user of ViewState. By default, all the data displayed in the grid is stored in ViewState. This is useful when complicated operations (such as complex searches) are required to obtain data. However, this behavior of the DataGrid sometimes makes the ViewState cumbersome.

Disable ViewState

In the preceding exampleEnableViewStateViewState is disabled when the property is set to False. You can disable ViewState for a single control, the entire page, or the entire application, as shown below:

Each control (on tag)
Each page (in the instruction)
Each application (in web. config)

Make ViewState safer

Because ViewState is not formatted as clear text, some people sometimes think it is encrypted, but it is not. On the contrary, ViewState only uses Base64 encoding to ensure that the value does not change during the round-trip process, regardless of the response/Request Encoding used by the application.

You can add two ViewState security levels to an application:

• Tamper-proofing
• Encryption

It should be noted that ViewState security has a direct impact on the time required to process and render ASP. NET pages. Simply put, the higher the security, the slower the speed. Therefore, do not add security for ViewState if you do not need it.

Tamper-proofing

Although the hash code does not ensure the security of the actual data in the ViewState field, it can significantly reduce the possibility that someone has cheated the application through ViewState, that is, to prevent returning the value that the application normally prohibits users from entering.

You can setEnableViewStateMACAttribute to indicate that ASP. NET adds a hash code to the ViewState field:

EnableViewStateMAC can be set at the page level or at the application level. During callback, ASP. NET generates a hash code for ViewState data and compares it with the hash code stored in the return value. If the hash code at the two locations does not match, the ViewState data will be discarded and the control will be restored to the original settings.

By default, ASP. NET uses the SHA1 algorithm to generate the ViewState hash code. You can also set To select the MD5 algorithm, as shown below:

Encryption

Encryption can be used to protect the actual data values in the ViewState field. First, you must setEnableViewStatMAC="true". Then, set the machineKeyValidationType is set3DES. This instructs ASP. NET to use the Triple DES symmetric encryption algorithm to encrypt the ViewState value.

ViewState security in the Web Field

By default, ASP. NET creates a random authentication key and stores it in the local security authorization (LSA) of each server. To verify the ViewState field created on the other serverValidationKeyMust be set to the same value. If you want to use one of the preceding methods to set ViewState security for applications running in Web domain configuration, you need to provide a unique and shared verification key for all servers.

7. webservice

Precautions for webservice development and webservice calling:
Add the [webservice (Namespace = "http: // test/")] attribute declaration to the WebService class.
Attribute Declaration for the webmethod method plus [WebMethod (Description = "Enter the abbreviation of customer name pinyin to get the full name of customer company ")]

Security of webservice,

8. Differences between final, finally, and finalize

Final? Modifier (keyword) If a class is declared as final, it means that it cannot generate a new subclass and cannot be inherited as a parent class. Therefore, a class cannot be declared both abstract and final. Declare variables or methods as final to ensure that they are not changed during use. Variables declared as final must be declared with an initial value, which can only be read and cannot be modified in future references. Methods declared as final can only be used and cannot be overloaded.
Finally? Finally blocks are provided for troubleshooting. If an exception is thrown, the matched catch clause is executed, and the control enters the finally block (if any ).
Finalize? Method Name. Java technology allows you to use the finalize () method to clear objects from the memory before the Garbage Collector clears them. This method is called by the garbage collector when it determines that this object is not referenced. It is defined in the Object class, so all classes inherit it. Subclass overwrites the finalize () method to sort system resources or perform other cleanup tasks. The finalize () method is called before the Garbage Collector deletes an object.

9. Differences between HashMap and Hashtable

* Hashtable is a Collection of thread security, and HashMap is NOT thread-safe.
* HashMap allows one null key and multiple null values, whereas hashtable does not.
* HashTable uses Enumeration and HashMap uses Iterator.
* In HashTable, the default size of the hash array is 11, and the increase is in the old * 2 + 1 mode. The default size of the hash array in HashMap is 16, and it must be an index of 2.

10. Math. Round ()
The integer nearest to. If a is in the middle of two integers, one of which is an even number and the other is an odd number, an even number is returned.
Example: Math. Round (11.5) = 12 Math. Round (12.5) = 12 Math. Round (-12.5) =-12
Note: It is different from java.

11. type conversion and security
Short a = 1;
A = a + 1; // error: short + int will be converted to int by default, so a = (short) (a + 1) is required. It is converted explicitly.
A + = 1; // right. The operator has been converted.