This documentation is archived and is not being maintained.

Control Class

Defines the properties, methods, and events that are shared by all ASP.NET server controls.

Namespace:  System.Web.UI
Assembly:  System.Web (in System.Web.dll)

public class Control implements IComponent, IDisposable, IParserAccessor, IUrlResolutionService, IDataBindingsAccessor, IControlBuilderAccessor, IControlDesignerAccessor, IExpressionsAccessor

This is the primary class that you derive from when you develop custom ASP.NET server controls. Control does not have any user interface (UI) specific features. If you are authoring a control that does not have a UI, or combines other controls that render their own UI, derive from Control. If you are authoring a control that does have a UI, derive from WebControl or any control in the System.Web.UI.WebControls namespace that provides an appropriate starting point for your custom control.

The Control class is the base class for all ASP.NET server controls, including custom controls, user controls, and pages. ASP.NET pages are instances of the Page class, which inherits from the Control class, and that handle requests for files that have an .aspx extension.

The Control class can directly or indirectly be used as part of the user interface for your Web application, and as such should be scrutinized to make sure best practices for writing secure code and securing applications are followed.

For general information on these topics, see Overview of Web Application Security Threats, Security Policy Best Practices, and Key Security Concepts. For more specific information, see Securing Standard Controls, How to: Display Safe Error Messages, How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings, and Introduction to the Validation Controls.

The following example demonstrates a custom server control that derives from the Control class. The InnerContent class overrides the Control.Render method, checks to see if the class has any child controls on the page and determines whether the first child of the control is a literal control. If both of these conditions are met, the overridden method writes the HTML string <H2>Your Message:, the contents of the literal control, and a closing </H2> tag to the Web Forms page.

Security noteSecurity Note:

This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

import System;
import System.Web;
import System.Web.UI;
import System.Security.Permissions;

package SimpleControlSamples {

    public class InnerContent extends Control {

       protected override function Render(output : HtmlTextWriter) {
	var securityperm : SecurityPermission;
         securityperm = new SecurityPermission(SecurityPermissionFlag.SerializationFormatter);
           if ( (HasControls()) && (typeof(Controls[0]) == LiteralControl) ) {
              output.Write("<H2>Your Message: " + (LiteralControl(Controls[0])).Text + "</H2>");


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0