View State Encryption

Posted By : Bipul Kumar Tiwari,

View state is the method that the ASP.NET page framework uses to preserve page and control values between round trips. The view state in store in a hidden field with an ID _VIEWSTATE. The view state value look like encrypted string ( Base64 encoded string) and it is easily decoded.

View State Encryption

How to fix View State Encryption:

Option 1:

                     Set ViewStateEncryptionMode="Always" with your page directives. This will encrypt the ViewState data. The ViewStateEncryptionMode enumeration has three options: Auto, Always, and Never. The default value is Auto.
View State Encryption option 1

1) ViewStateEncryptionMode.Auto:

                     In this mode, ASP.NET will encrypt the ViewState for a page if a control requests for encryption. For this to happen, the control must call the Page.RegisterRequiresViewStateEncryption()method.

2) ViewStateEncryptionMode.Never:

                     In this mode Never encrypt the ViewState even if Page.RegisterRequiresViewStateEncryption()is called by a control or the page itself.

3) XViewStateEncryptionMode.Always:

                     In this mode, ASP.NET encrypt the View State always. When working with sensitive data, it is a good practice to utilize encryption.

Option 2:

                     Set EnableViewStateMAC=true in your page directive. In this option ViewState information is tamper-proof by using “Hash Codes”. [MAC = Message Authentication Code]
View State Encryption option 2

Related Articles


About the Author

Its me BIPUL who is logically minded creative at heart , a good communicator , a self taught full stack developer. I constantly focuses on my thinking , reading , collecting and creating my work in a order to enhance my skills.

I discover new dimensions for growing bussiness with a proven record in creating database and programming. I have a strong technical skills as well as strong interpersonal skills. Read more...

Browse By Category

Popular Articles