tags:

views:

19

answers:

1
Q: 

Is there a benefit of turning ViewState Encryption Off (asp.net IIS7)?

I understand how to turn off ViewState encryption for asp.net web applications. I want to know if I should. My question is more from a performance stand point than a security one (All of our traffic is on a private network and we do not store any sensitive data in the viewstate).

Before I dedicate hours of setting up tests scenarios, I was courious if anyone in this community has experience running apps with viewstate encryption disabled. As expected, I have found a lot of conflicting view points on the Internet. I would like to hear what you guys have to say.

  • If I turn off encryption will I save any noticeable overhead in the application?
  • Can I expect the overall size of the viewstate to change much? I assume the encryption also compresses the data before doing the encryption.
  • Can the lack of ViewState compression be counter balanced by using dynamic content compression in IIS7?

Thanks in advance for any feedback you can provide!

+1  A: 

The main difference would probably be the CPU usage to encrypt and decrypt the view state.

However, you probably will not notice any difference, unless you have some really large datagrids, and even then the chances are small.

It may be more usefull to go through your app and make sure that viewstate is turned off for all controls where it is not required.

Turning off viewstate has been available since .net 2.0 http://msdn.microsoft.com/en-us/library/aa479501.aspx

Shiraz Bhaiji  2010-10-19 20:35:48
Thanks!, I completely agree about disabling it. We have somewhat of a unique environment where we have a large number of small web applications running at the same time. Multiple development teams maintain groups of these applications. As a general policy, we try to limit the use of the ViewState where ever possible and have saved a lot of bandwidth in doing so. However with so many programmers involved it is sometimes difficult to audit every ViewState use (but we try).
J.Hendrix  2010-10-19 20:46:22

related questions

In .NET, will empty method calls be optimized out?
Good Resources for Relational Database Design
How to overload std::swap()
What is good server performance monitoring software for Windows?
Unit test execution speed (how many tests per second?)
Has anyone used Jaxer in production?
Replicating load related crashes in non-production environments
ADO.NET Connection Pooling & SQLServer
Has anyone run performance benchmarks comparing LINQ
Best tool for performance testing ASP.NET
Has anybody used Google Performance Tools?
Improving Productivity of my Teams
Scaling multithreaded applications on multicored machines
Is String.Format as efficient as StringBuilder
Faster way to find duplicates conditioned by time
.NET Remoting Speed and VPNs
How much database performance overhead when using LINQ?
CSharpCodeProvider Compilation Performance
C# DataTable Loop Performance
FileHelpers performance
ConfigurationManager.AppSettings Performance Concerns
Why are SYSTEM and taskmgr.exe taking up 100% of my CPU?
Speed Comparisons - Procedural vs. OO in interpreted languages
Anatomy of a "Memory Leak"
Fastest way to get value of pi