Encrypt the ViewState

by Emanuele 3/13/2008 7:21:00 PM

By default, ViewState encryption is disabled in web applications.
So it is recommended not to send private data through ViewState unless you are using SSL.
There are two ways to encrypt your ViewState:
1. Encrypt ViewState in every page
2. Encrypt ViewState in web.config for all pages in your application

In the first case, add the ViewStateEncryptionMode attribute to the page directive of each page: <%@ Page ViewStateEncryptionMode="Always" %>.
In the second case, add the attribute viewStateEncryptionMode="Always" in your web.config.
Then add the decryption algorithm in your web.config.
There are several decryption algorithms, but AES is the best for performance and for security.

See the example:

<configuration>
    <system.web>
        <machineKey decryptionKey="AutoGenerate,IsolateApps" decryption="AES" />
    </system.web>
</configuration>
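
A check for the settings described above, added here as an example and not part of the original post: it reads a web.config and reports when viewStateEncryptionMode is not "Always" or the machineKey decryption algorithm is not AES, and it extracts the mode from an .aspx page directive. The function names and sample inputs are constructed for illustration, and the script assumes the viewStateEncryptionMode attribute sits on the <pages> element under <system.web>.

```python
import re
import xml.etree.ElementTree as ET

# Matches the ViewStateEncryptionMode attribute inside an .aspx @Page directive.
PAGE_MODE = re.compile(
    r'<%@\s*Page\b[^%]*?\bViewStateEncryptionMode\s*=\s*"([^"]*)"', re.I)

def _child(parent, name):
    """First direct child called `name`, ignoring any XML namespace prefix."""
    if parent is None:
        return None
    return next((c for c in parent if c.tag.rsplit("}", 1)[-1] == name), None)

def audit_web_config(xml_text):
    """Return findings for the two web.config settings described in the post."""
    system_web = _child(ET.fromstring(xml_text), "system.web")
    pages, key = _child(system_web, "pages"), _child(system_web, "machineKey")
    mode = pages.get("viewStateEncryptionMode") if pages is not None else None
    algo = key.get("decryption") if key is not None else None
    findings = []
    if mode != "Always":
        findings.append(f"pages viewStateEncryptionMode={mode!r}, expected 'Always'")
    if algo != "AES":
        findings.append(f"machineKey decryption={algo!r}, expected 'AES'")
    return findings

def audit_page(aspx_text):
    """Return the mode set in the @Page directive, or None if the page inherits."""
    m = PAGE_MODE.search(aspx_text)
    return m.group(1) if m else None

# Constructed sample inputs (not taken from a real application).
CONFIG_OK = """<configuration><system.web>
  <pages viewStateEncryptionMode="Always" />
  <machineKey decryptionKey="AutoGenerate,IsolateApps" decryption="AES" />
</system.web></configuration>"""
CONFIG_KEY_ONLY = """<configuration><system.web>
  <machineKey decryptionKey="AutoGenerate,IsolateApps" decryption="AES" />
</system.web></configuration>"""
PAGE_OVERRIDE = '<%@ Page Language="C#" ViewStateEncryptionMode="Never" %>'

if __name__ == "__main__":
    for name, cfg in (("ok", CONFIG_OK), ("key only", CONFIG_KEY_ONLY)):
        print(name, audit_web_config(cfg) or "no findings")
    print("page directive:", audit_page(PAGE_OVERRIDE))
```

A config that sets only machineKey is reported as missing the encryption mode, and a page whose directive says "Never" is worth reviewing even when web.config says "Always".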

For more information, see http://msdn2.microsoft.com/en-us/library/ms998288.aspx


About the author

Name of author Emanuele Bartolesi
I'm a senior developer and project manager.