Sunday, January 31, 2010

ASP.NET ViewState Review

I was going through the internals of how the ASP.NET engine handles ViewState and came across this great article by Scott Mitchell. It covers the states that an ASP.NET page goes through, the cost in performance that a page has to pay for ViewState, and ways to avoid heavy pages, including persisting ViewState on the server file system.



The great thing about the article is that it comes with a parser to decode the base64-encoded ViewState information that resides in the hidden __VIEWSTATE form field. Just decode about any ASP.NET page and enjoy the secrets. It is not recommended to store anything sensitive in ViewState; alternatively, use the important public property ViewStateUserKey, which is used as a salt to encrypt the information, and then you may probably be able to save your users from "one click attacks".
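
An added example (not from the original post or from Scott Mitchell's article): a small Python audit that pulls the `__VIEWSTATE` field out of your own page's HTML, base64-decodes it, and lists the readable strings, flagging any that look sensitive. The function names, keyword list and sample page are assumptions made for illustration; the `0xFF 0x01` header check applies to unencrypted ASP.NET 2.0+ ViewState.

```python
import base64
import re
from html.parser import HTMLParser

MAGIC = b"\xff\x01"  # header of an unencrypted ASP.NET 2.0+ ViewState payload
# Hypothetical watch list; tune it to what your application handles.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|ssn|connection ?string", re.I)


class _ViewStateField(HTMLParser):
    """Collects the value of the hidden __VIEWSTATE input."""
    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "__VIEWSTATE":
            self.value = a.get("value") or ""


def audit_viewstate(html, min_len=4):
    """Return (status, strings, findings) for the page's __VIEWSTATE field."""
    p = _ViewStateField()
    p.feed(html)
    if p.value is None:
        return "absent", [], []
    try:
        raw = base64.b64decode(p.value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed", [], []
    if not raw.startswith(MAGIC):
        return "opaque", [], []  # encrypted, or a format this check does not cover
    # Printable ASCII runs, like the Unix `strings` tool; not a full format parser.
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, raw)
    strings = [r.decode("ascii") for r in runs]
    findings = [s for s in strings if SENSITIVE.search(s)]
    return "readable", strings, findings


# Constructed sample blob and page, not taken from a real site.
_blob = MAGIC + b"\x0f\x05\x0dGridPageIdx=3\x05\x14password=Winter2010!"
SAMPLE_PAGE = ('<form><input type="hidden" name="__VIEWSTATE" value="%s" /></form>'
               % base64.b64encode(_blob).decode())

if __name__ == "__main__":
    print(audit_viewstate(SAMPLE_PAGE))
```

A `readable` status with non-empty findings means the page is shipping that data to every client in clear text; an `opaque` status only means the payload did not start with the plain header, not that it is safe.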
