Monday, June 30, 2014

ASP.NET Security: EnableViewStateMac Property

For ASP.NET web application security, you should never set EnableViewStateMac to false. A view state MAC is an encrypted version of the hidden variable that a page's view state is persisted to when the page is sent to the browser. When this property is set to true, the encrypted view state is checked to verify that it has not been tampered with on the client.

The default value of EnableViewStateMac is true. MAC stands for message authentication code. The property gets or sets a value indicating whether ASP.NET should check message authentication codes (MAC) in the page's view state when the page is posted back from the client.

Do not set this property in code. Set the EnableViewStateMac attribute using the @ Page directive in the .aspx file. When the page is requested, the dynamically generated class sets the property.

<%@ Page language="C#" EnableViewStateMac="true" %>

Note: This attribute should never be set to false in a production Web site, even if the application or page does not use view state. The view state MAC helps ensure the security of other ASP.NET functions in addition to view state.

In ASP.NET 4.5.2, the runtime enforces EnableViewStateMac=true. Even if you set it to false, the runtime ignores this value and proceeds with the value set to true.
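To find pages that still turn the check off, the following added example (not code from this post) walks a site directory and reports every @ Page directive that sets EnableViewStateMac to false. It goes one step beyond the post by also checking the enableViewStateMac attribute of the web.config pages element, including per-location overrides; the function names and report wording are this example's own.

```python
import os
import re
import sys
import xml.etree.ElementTree as ET

PAGE_DIRECTIVE = re.compile(r"<%@\s*Page\b(.*?)%>", re.I | re.S)  # group 1: attribute text
MAC_OFF = re.compile(r"""\bEnableViewStateMac\s*=\s*["']?\s*false\b""", re.I)

def aspx_disables_mac(text):
    """True if an @ Page directive sets EnableViewStateMac to false."""
    return any(MAC_OFF.search(m.group(1)) for m in PAGE_DIRECTIVE.finditer(text))

def config_disables_mac(xml_text):
    """Scopes in a web.config where <pages enableViewStateMac="false"> applies."""
    hits = []
    def walk(el, scope):
        tag = el.tag.rsplit("}", 1)[-1]  # ignore an XML namespace, if any
        scope = (el.get("path") or ".") if tag == "location" else scope
        if tag == "pages" and el.get("enableViewStateMac", "").strip().lower() == "false":
            hits.append(scope)
        for child in el:
            walk(child, scope)
    walk(ET.fromstring(xml_text), "(site-wide)")
    return hits

def scan(root_dir):
    """Walk a site directory; return sorted (path, detail) findings."""
    findings = []
    for dirpath, _, names in os.walk(root_dir):
        for name in names:
            kind = name.lower()
            if kind != "web.config" and not kind.endswith(".aspx"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8-sig", errors="replace") as fh:
                text = fh.read()
            if kind.endswith(".aspx"):
                hits = ["@ Page directive"] if aspx_disables_mac(text) else []
            else:
                try:
                    hits = ["<pages> element, scope " + s for s in config_disables_mac(text)]
                except ET.ParseError:
                    hits = ["unparseable web.config, review by hand"]
            findings += [(path, h) for h in hits]
    return sorted(findings)

if __name__ == "__main__":
    for path, detail in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: EnableViewStateMac disabled ({detail})")
```

Run it with the site root as the only argument; with no argument it scans the current directory.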
