Cool Viewstate Decoder

Paul Wilson has put together a pretty darn cool Viewstate decoder that enables you to see what the viewstate on an ASP.NET page looks like: http://www.wilsondotnet.com/Demos/ViewState.aspx

He has also written a good article that describes the ASP.NET viewstate process: http://www.aspalliance.com/PaulWilson/Articles/?id=7

Note that ViewState is MAC (message authentication check) encoded to prevent tampering by remote clients.  As such, while you can decypher the viewstate settings using the above program, you can't actually change them and repost to the server.  You can also set a stronger level of ViewState to prevent the above decoder from working by changing your encryption key settings in either machine.config or web.config.

Update: Someone just pointed me at another ViewState Decoder that Fritz Onion has also done.  Looks very good, and comes with complete source code.

Published Sunday, February 16, 2003 10:41 PM by ScottGu

Comments

# Thanks for Noticing

Tuesday, February 18, 2003 12:04 PM by Paul Wilson
Wow -- it feels pretty cool to be noticed by ScottGu,
and in one of your very first blog entries at that.

Thanks for Noticing, Paul :)

# re: Cool Viewstate Decoder

Monday, February 5, 2007 6:30 AM by Laurence Hygate

Those links appear to have rotted :(