Cool Viewstate Decoder

Monday, February 17, 2003

Paul Wilson has put together a pretty darn cool Viewstate decoder that enables you to see what the viewstate on an ASP.NET page looks like: http://www.wilsondotnet.com/Demos/ViewState.aspx

He has also written a good article that describes the ASP.NET viewstate process: http://www.aspalliance.com/PaulWilson/Articles/?id=7.

Note that ViewState is MAC (message authentication check) encoded to prevent tampering by remote clients. As such, while you can decypher the viewstate settings using the above program, you can't actually change them and repost to the server. You can also set a stronger level of ViewState to prevent the above decoder from working by changing your encryption key settings in either machine.config or web.config.

Update: Someone just pointed me at another ViewState Decoder that Fritz Onion has also done. Looks very good, and comes with complete source code.

2 Comments

Wow -- it feels pretty cool to be noticed by ScottGu,

and in one of your very first blog entries at that.

Thanks for Noticing, Paul :)

Paul Wilson - Tuesday, February 18, 2003 5:04:00 PM

Those links appear to have rotted :(

Laurence Hygate - Monday, February 5, 2007 11:30:46 AM

Comments have been disabled for this content.