Learning
Reputation: 20011
How to encrypt Viewstate properly in asp.net webform
I am using asp.net webform website which is using 4.5 framework and vunrability scanner show viewstate as Unencrypted __VIEWSTATE parameter
Even though i am using machine key it still flags it
<machineKey validationKey="xxxxxxxxxxxx" decryptionKey="xxxxxxxxxxxx" validation="SHA1" decryption="AES" />
Is this how viewstate can be encrypted in asp.net webform 4.5
Upvotes: 3
Views: 11120
Answers (1)
VDWWD
Reputation: 35544
You can set the ViewState encryption in the pages node under system.web of the Web.Config.
<system.web>
<pages viewStateEncryptionMode="Always" />
</system.web>
Upvotes: 5
Related Questions
- viewStateEncryptionMode="Always" not encrypting
- asp.net viewstate encryption issue
- Decryption of encrypted ViewState
- ViewState Encryption doesn't work with mixed algorithms
- Hidden Field and View State Encryption asp.net
- Encrypted view state in asp.net mvc
- How do I emulate an *encrypted* non-tamperable Viewstate in ASP.NET MVC?
- Is my VIEWSTATE encrypted?
- ASP.net ViewState encryption and decryption
- asp.net viewstate encryption