A Base page in ASP.NET

Question

Do you recommend from every web site created in Visual Studio, that you should create a Base page that serves as the parent class?

What are the exact benefits/drawbacks?

Answer 1

If you want to override the way something in ASP.NET works, it can be more efficient to build it into a base class rather than including the code in every page. Two specific instances where I've done this are:

IsPostback
Little-known fact: it's quite feasible to craft a request that, to ASP.NET, looks like a postback but is submitted with a GET request. Who does this? Hackers, that's who. A call to IsPostback in this case will return true, but it shoud really return false. To get round this, build a base class that overrides IsPostBack:

Public Class MyBase
    Inherits System.Web.UI.Page
     _
    Public Shadows Function IsPostback() As Boolean

        'Check the built-in IsPostback and make sure this is a HTTP POST
        Return (Page.IsPostBack AndAlso Request.HttpMethod.ToUpper = "POST")

    End Function

End Class

Error Handling
In Beginning ASP.NET Security, Blowdart talks about the fact that if you use ASP.NET's error handling to redirect the client to a custom error page, hackers (again) can detect the redirection and flag it as an error that may be exploitable. A more secure pattern is to handle the Page's Error event and do a Server.Transfer (which doesn't send anything to the client). Again, doing this in a base class means you only write the code once:

public partial MyBase : System.Web.UI.Page
{
    protected void Page_Error (object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();

        // Do something with the exception e.g. log it
        ...

        Server.Transfer("~/mycustomerrorpage.aspx");
     }
}