It has been seen in my asp.net project that the viewstate has changed. Is there anyway to check whether my ViewState has been tampered with? (ideally with C#)
A:
The viewstate is signed with a machinekey (default servers mac) however if it's just the error you get then it could be a transmission error or similar (also if your running a farm make sure to set the same machine key on all machines)
Also if your after security don't store sensetive information in the viewstate, save it in the session instead.
Fredrik Leijon
2009-06-16 12:30:38
A:
You could add an encrypted checksum in the ViewState, and check whether it is still correct after the postback
EDIT: after reading the link posted by phoenix, it seems that there is already such a mechanism built in ASP.NET, so my suggestion is probably useless...
Thomas Levesque
2009-06-16 12:32:03
A:
There is a build in mecanism that checks the viewstate for tamper attacks.
Are you getting The view state is invalid for this page and might be corrupted exception and suspecting tampering ? this exception taken when you remove controls between postbacks.
Canavar
2009-06-16 12:41:48
No I am not getting but the final value differ from the actual value
Rick
2009-06-17 20:54:36