Scott Cate Weblog 

scott.cate@myKB.com
http://scottcate.myKB.com
Scott Cate KB > ASP.NET Code Samples - Findings > ASP.NET Class Start Over
Search the Knowledge Base
 
Start Search in the Following Category
Date Modified
Friday, November 07, 2003
Online ViewState Parser and ViewState Encryption

Ever wonder what the gobbly-gook in your viewstate is? Do you think your view state is safe? Unless you're encrypting your viewstate, it's open for the world to dissect.

Try this. Create an aspx page, add something to the view state, browse to it, and view the source. Look for the <input type="hidden" name="__VIEWSTATE" value=""> tag, and copy everything in between the value="" quote marks.

The browse to WilsonDotNet.com/Demos/ViewState.aspx (link below) and paste it in. Click the "Parse Viewstate" button, and this site will tell you in human readable form, what's in your view state.

Encrypting your view state, slows the page a little, but is easy and can be done by simply adding a key in your web.config file under Configuration.System.Web.

<machineKey validation="3DES" validationKey="" />

in the validationKey="" you'll have to enter a 128 bit key. Check out this page (link below) by Susan Warren to see how to build a page, that generates a 128 bit key.
Article References
WilsonDotNet ViewState Parser
Scott Cate - Page to Generate 128bit Key
Susan Warren - Taking a Bite Out of ASP.NET ViewState

All rights reserved. All details are the personal opinion of Scott Cate.
All trademarks referenced are the property of their respective owners.
Scott Cate is a lead programmer for www.myKB.com and
owner of The Arizona .NET User Group and an all around nice guy ;)


Knowledge Base Software - myKB.com