ASP.NET Viewstate handling You can…

less than 1 minute read

You can “tamper-proof” your viewstate to reduce the likelihood of someone trying to spoof your application by setting the EnableViewStateMAC attribute. If necessary you can encrypt it too.

However, by default, ASP.NET creates a random validation key and stores it in each server’s Local Security Authority (LSA). In order to validate a ViewState field created on another server, the validationKey for both servers must be set to the same value. If you secure ViewState by any of the means listed above for an application running in a Web Farm configuration, you will need to provide a single, shared validation key for all of the servers.

The article Q313091 HOW TO: Create Keys by Using Visual Basic .NET for Use in Forms Authentication shows how to generate keys for use in the validationKey and the decryptionKey attributes of the section in the **** element in the Machine.config and the Web.config files.

Twitter Facebook LinkedIn

Adrian Bateman

ASP.NET Viewstate handling You can…

You May Also Enjoy

Clean recovery of Surface RT and Windows Update (2022)

Running ssh-agent with WSL2 (so that VSCode can find it)

Change Windows PC name to lower case

Installing the latest version of git on Ubuntu