Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is my VIEWSTATE encrypted?

I'm a little confused. I haven't explicitly set the Web.config <pages ViewStateEncryptionMode="Always" />, and so this MSDN page says that it should default to Auto. This MSDN page says that Auto should cause the viewstate information to be encrypted if a control requests encryption by calling the RegisterRequiresViewStateEncryption method. But, none of my controls call that method. So it looks like my viewstate should, in fact, not be encrypted.

However, when I copy/paste the viewstate into one of the various online viewstate decoders, I'm told that the viewstate serialized data is invalid. So, is my viewstate encrypted or not? Is there some obvious way to tell? Has the default ASP.net behaviour changed to encode the viewstate by defualt unless you disable it?

like image 607
Jez Avatar asked Jun 14 '11 11:06

Jez


2 Answers

If its set to Always or auto, all control state would be encrypted.All controls calling RegisterRequiresViewStateEncryption view state would be encrypted ir-respective of Auto/Always. If your 'custom control' needs encryption call this.

See this on MSDN

If you are developing a custom control that deals with potentially sensitive information, call the RegisterRequiresViewStateEncryption method to register the control with the page and ensure view state for the control is encrypted.

The entire page state will be encrypted if the ViewStateEncryptionMode is set to Auto or Always.

like image 156
YetAnotherUser Avatar answered Sep 23 '22 05:09

YetAnotherUser


Force it on, see if you get the same error from a decoder.

Force it off, see if it now decodes.

I think that will give you the answer you're looking for.

like image 25
Jeff Sheldon Avatar answered Sep 22 '22 05:09

Jeff Sheldon