First of all, what is a
ViewState ?
It is a hidden field generated by ASP.NET that contains information about all the controls on the page. Primarily
ViewState values are shown in the page source. By default, it is
Base64 Encoded. If you have a
Base64 decoder then it can be easily decoded.
Now, Suppose you want to encrypt the
ViewState value by a different encoding technique, then how will do that ?
<configuration>
<system.web>
<machineKey validation="3DES" />
</system.web>
</configuration>
Write the above code in the
web.config file. The above configuration allows you to make
ViewState value by
"Triple DES" encryption standard.
You can also set
ViewState encryption type in configuration level :-
<configuration>
<system.web>
<pages ViewStateEncryptionMode="Always" />
</system.web>
</configuration>
If you want to encrypt the
ViewState at a page level, then
<%@Page ViewStateEncryptionMode="Always" %>
The
ViewStateEncryptionMode enumeration has three values:
Auto ,
Always , and
Never . The default value is
Auto .
Note: Please note that following the above encryption method
doesn't guarantee you full security.
ViewState value can still be decoded, if you know how to do that but the above method will still make it much safer than the default
Base64 encoding. Also note that, encrypting the
ViewState information will issue performance cost associated and it will lead to overhead. Ideally the view state should not need to be encrypted, as it should never contain sensitive information.
Thanks and Regards
Akiii