Introduction
This is a helper class for posting serialized objects to another page.
Background
We often need to carry data from one page to another in ASP.NET. Of the
available options, the query string suffers from security issues and size limitations;
Server.Transfer is secure but keeps the old URL in the browser. A third approach is
posting the data to the page, but ASP.NET does not provide any built-in functionality
to do that. Here is a helper class which serializes objects, encrypts them and then
posts them to the destination URL. The same utility can be used at the destination
page to read the data.
How it works?
The whole process includes the following steps.
1. Serializing data
To post data, it first needs to be serialized into a string. Here the object is serialized
using LosFormatter (used to serialize viewstate). Other options that can be used
are XmlSerializer and SoapFormatter, or any other formatter that converts objects
to strings. XmlSerializer suffers from a drawback: it cannot serialize objects
which implement the IDictionary interface. While choosing a formatter, you will need
to think about the time taken for serializing and de-serializing objects and the size of
the formatted data.
2. Encrypting data
As the data will be written to the client before it gets posted, encryption is necessary
to ensure security. Here Triple DES encryption is used. Other encryption techniques
can also be used.
3. Posting data
The serialized, encrypted and HTML-encoded objects are then written to the client in a
multipart form, as hidden fields, which is then auto-submitted using JavaScript.
A noscript tag must also be written, as JavaScript might be disabled, and in such a case
the application may get stuck and the user will not know what actually happened. I have
intentionally added one variable with the key __TransferData, to distinguish this data
from data posted by other utilities. It also carries the Form Name as its value.
4. Reading back
Reading involves decoding, decrypting and de-serializing objects.
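Step 2 encrypts the payload, but the hidden field still passes through the browser, so the reader in step 4 should also confirm the field was not modified before it reaches the deserializer. The following is an added example, not the article's PostDataHelper code, that protects the serialized bytes with encrypt-then-MAC. It swaps in AES-CBC and HMAC-SHA256 for the article's Triple DES; the PayloadProtector name, its two methods and the use of two separate keys are assumptions.

```csharp
using System;
using System.Security.Cryptography;
// Hypothetical helper, not part of PostDataHelper. Encrypt-then-MAC:
// AES-CBC ciphertext plus an HMAC-SHA256 tag over IV + ciphertext.
public static class PayloadProtector
{
    private const int IvSize = 16, TagSize = 32;  // AES block, HMAC-SHA256 output
    // Returns Base64(IV || ciphertext || tag) for use as a hidden field value.
    public static string Protect(byte[] serialized, byte[] encKey, byte[] macKey)
    {
        using (Aes aes = Aes.Create())
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV();  // fresh random IV for every message
            byte[] cipher;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(serialized, 0, serialized.Length);
            byte[] output = new byte[IvSize + cipher.Length + TagSize];
            Buffer.BlockCopy(aes.IV, 0, output, 0, IvSize);
            Buffer.BlockCopy(cipher, 0, output, IvSize, cipher.Length);
            byte[] tag = hmac.ComputeHash(output, 0, IvSize + cipher.Length);
            Buffer.BlockCopy(tag, 0, output, IvSize + cipher.Length, TagSize);
            return Convert.ToBase64String(output);
        }
    }

    // Checks the tag before decrypting; throws if the field was altered.
    public static byte[] Unprotect(string field, byte[] encKey, byte[] macKey)
    {
        byte[] input = Convert.FromBase64String(field);
        int signedLength = input.Length - TagSize;
        if (signedLength <= IvSize) throw new CryptographicException("Payload too short.");
        using (Aes aes = Aes.Create())
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(input, 0, signedLength);
            int diff = 0;  // compare every byte so timing does not leak a match
            for (int i = 0; i < TagSize; i++)
                diff |= expected[i] ^ input[signedLength + i];
            if (diff != 0)
                throw new CryptographicException("Integrity check failed.");
            byte[] iv = new byte[IvSize];
            Buffer.BlockCopy(input, 0, iv, 0, IvSize);
            using (ICryptoTransform dec = aes.CreateDecryptor(encKey, iv))
                return dec.TransformFinalBlock(input, IvSize, signedLength - IvSize);
        }
    }
}
```

Only the bytes returned by Unprotect should be handed to the formatter; a FormatException or CryptographicException means the posted field should be rejected.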
Using the code
The following lines of code illustrate how this utility class can be used to post data
to another page:
PostDataHelper helper = new PostDataHelper(Request, Response);
helper.FormName = "Person Form";
helper.Data.Add("Person1", new Person("ABC", "XYZ"));
helper.Data.Add("Person2", new Person("123", "456"));
helper.RedirectWithData("Default2.aspx");
Objects being added need to be serializable. As MSDN states, LosFormatter is for classes containing strings, arrays, and hash tables. So if efficiency is a concern, you can check for other serialization options.
Reading the data is equally simple:
PostDataHelper helper = new PostDataHelper(Request, Response);
helper.ReadPostedData();
Response.Write("Form Name : " + helper.FormName + "<br/>");
if (helper.Data.HasObjectForKey("Person1"))
    Response.Write("Person1 : " + helper.Data.Get("Person1") + "<br/>");
if (helper.Data.HasObjectForKey("Person2"))
    Response.Write("Person2 : " + helper.Data.Get("Person2") + "<br/>");
The form name can be used in cases where multiple pages are posting to the same page and you need to differentiate between them.
Note
If the page which is posting data is intended to be called through a WebRequest, this
utility class won't work. The reason is the use of JavaScript for form submission, which
won't be executed by WebRequest. If only WebRequest is going to be used (like an API),
you can opt for Server.Transfer, and in case of mixed mode, i.e. both WebRequest
and browser, a flag can be passed to differentiate between calls.
History
- Feb 25 2013: Updated content and added note.