Why ViewState doesn't work in ASP.NET?

Discussion in 'MCSD' started by jacksu, Feb 20, 2004.

  1. jacksu

    jacksu Guest

    I set the viewstate in page_load, and try to get it in the
    click function. But it shows NullPointException.

    Does ViewState only within one request? or can it go
    through session?

    Thanks.

    Jack
     
    jacksu, Feb 20, 2004
    #1
    1. Advertising

  2. ViewState is good for each PostBack. If you don't postback, it goes away.
    After all, ViewState is data in hidden field.

    "jacksu" <> wrote in message
    news:12fe601c3f7b7$b0721c10$...
    > I set the viewstate in page_load, and try to get it in the
    > click function. But it shows NullPointException.
    >
    > Does ViewState only within one request? or can it go
    > through session?
    >
    > Thanks.
    >
    > Jack
     
    Hayato Iriumi, Feb 20, 2004
    #2
    1. Advertising

  3. >After all, ViewState is data in hidden field.
    .... and nothing more than that.

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Feb 21, 2004
    #3
  4. It's encrypted, though, right?


    "The Poster Formerly Known as Kline Sphere" <.> wrote in message
    news:...
    > >After all, ViewState is data in hidden field.

    > ... and nothing more than that.
    >
    > Kline Sphere (Chalk) MCNGP #3
     
    Brunswick Lowe, Feb 21, 2004
    #4
  5. >It's encrypted, though, right?

    No, just encoded.

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Feb 21, 2004
    #5
  6. jacksu

    UAError Guest

    "Brunswick Lowe" <> wrote:

    >It's encrypted, though, right?
    >

    Is only encrypted if in the machine.config:

    <machineKey validation='3DES' />


    Building Secure ASP.NET Applications
    Chapter 8: Page 187

    Securing View State

    If your ASP.NET Web applications use view state:
    - Ensure the integrity of view state (to ensure
    it is not altered in any way while in transit)
    by setting the enableViewStateMac to true as
    shown below. This causes ASP.NET to generate
    a Message Authentication Code (MAC) on the
    page’s view state when the page is posted
    back from the client.
    <% @ Page enableViewStateMac=true >
    - Configure the validation attribute on the
    <machineKey> element in Machine.config, to
    specify the type of encryption to use for data validation.
    Consider the following:
    - Secure Hash Algorithm 1 (SHA1) produces a larger hash
    size than Message Digest 5 (MD5) so it is considered
    more secure. However, view state protected with SHA1
    or MD5 can be decoded in transit or on the client
    side and can potentially be viewed in plain text
    - Use 3 Data Encryption Standard (3DES) to detect
    changes in the view state and to also encrypt it
    while in transit. When in this state, even if
    view state is decoded, it cannot be viewed in plain text.
     
    UAError, Feb 22, 2004
    #6
  7. Good point.

    However, any data which requires secure transmission should [also]
    have been secured at the start of the conversation, as is the case
    when using https. The problem with only using the viewstatemac setting
    is that information (i.e. that contained in form variables) is sent as
    part of the request to the server and naturally not encrypted. As
    such, it is only the __VIEWSTATE field which is encrypted on the
    server, which is then sent back to client as part of the response.

    On Sun, 22 Feb 2004 00:35:16 -0500, UAError <> wrote:

    >"Brunswick Lowe" <> wrote:
    >
    >>It's encrypted, though, right?
    >>

    >Is only encrypted if in the machine.config:
    >
    ><machineKey validation='3DES' />
    >
    >
    >Building Secure ASP.NET Applications
    >Chapter 8: Page 187
    >
    >Securing View State
    >
    >If your ASP.NET Web applications use view state:
    >- Ensure the integrity of view state (to ensure
    > it is not altered in any way while in transit)
    > by setting the enableViewStateMac to true as
    > shown below. This causes ASP.NET to generate
    > a Message Authentication Code (MAC) on the
    > page’s view state when the page is posted
    > back from the client.
    > <% @ Page enableViewStateMac=true >
    >- Configure the validation attribute on the
    > <machineKey> element in Machine.config, to
    > specify the type of encryption to use for data validation.
    > Consider the following:
    > - Secure Hash Algorithm 1 (SHA1) produces a larger hash
    > size than Message Digest 5 (MD5) so it is considered
    > more secure. However, view state protected with SHA1
    > or MD5 can be decoded in transit or on the client
    > side and can potentially be viewed in plain text
    > - Use 3 Data Encryption Standard (3DES) to detect
    > changes in the view state and to also encrypt it
    > while in transit. When in this state, even if
    > view state is decoded, it cannot be viewed in plain text.



    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Feb 22, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?c2FuanU=?=

    information about asp ,oracle,asp.net certification?

    =?Utf-8?B?c2FuanU=?=, May 18, 2005, in forum: Microsoft Certification
    Replies:
    1
    Views:
    671
    Bob Christian
    May 18, 2005
  2. Zabron Muyambo

    Easy Moving from ASP to ASP.NET???

    Zabron Muyambo, Oct 26, 2004, in forum: MCSD
    Replies:
    7
    Views:
    539
    Zabron Muyambo
    Oct 27, 2004
  3. dmartu

    Bizzare ViewState issue (ASP.NET)

    dmartu, Dec 4, 2008, in forum: Software
    Replies:
    0
    Views:
    870
    dmartu
    Dec 4, 2008
  4. london1919
    Replies:
    1
    Views:
    3,057
    Lawrence Garvin \(MVP\)
    Dec 8, 2008
  5. azraffarveen
    Replies:
    0
    Views:
    1,832
    azraffarveen
    May 12, 2009
Loading...

Share This Page