How to view the ViewState

Right-click the page, then choose View Page Source.

Search the source for viewstate and you will find a hidden field.

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPaA8FDzhkNmJlYWE3ODdlY2ZhMxgFBRpjdGwwMCRjcGhNYWluJHVjUHJvZmlsZSRJZA8FATVkBSBjdGwwMCRjcGhNYWluJHVjUHJvZmlsZSRMYXN0TmFtZQ8FA+WNomQFG2N0bDAwJGNwaE1haW4kdWNQcm9maWxlJEFnZQ8FAjMyZAUhY3RsMDAkY3BoTWFpbiR1Y1Byb2ZpbGUkRmlyc3ROYW1lDwUG5L+K5rabZAUdY3RsMDAkY3BoTWFpbiR1Y1Byb2ZpbGUkTW9uZXkPBQwwLjAwMDAwMjU1MjBkq9Xg7eCkuRMKxXAWft9MqgH5A1AKB7Ai3JQcgVlh+OI=" />

You may also find a field called __VIEWSTATEGENERATOR, but this one is not the ViewState.

<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="8EB90039" />

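Press F12, then search in the Elements panel.

Decoding

This page can be used to decode it: http://viewstatedecoder.azurewebsites.net/

Note that it may only be possible to decode part of the value: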

32 byte(s) left over, perhaps an HMACSHA256 signature?
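The same partial decode can be reproduced offline. The following is an added example, not code from the original page or from the decoder site: it parses the ObjectStateFormatter layout of the __VIEWSTATE value shown above, supporting only the token types that value uses, and returns the bytes left over after the serialized data. The function names are illustrative.

```python
import base64

# __VIEWSTATE value copied from the hidden field shown on this page.
SAMPLE = "/wEPaA8FDzhkNmJlYWE3ODdlY2ZhMxgFBRpjdGwwMCRjcGhNYWluJHVjUHJvZmlsZSRJZA8FATVkBSBjdGwwMCRjcGhNYWluJHVjUHJvZmlsZSRMYXN0TmFtZQ8FA+WNomQFG2N0bDAwJGNwaE1haW4kdWNQcm9maWxlJEFnZQ8FAjMyZAUhY3RsMDAkY3BoTWFpbiR1Y1Byb2ZpbGUkRmlyc3ROYW1lDwUG5L+K5rabZAUdY3RsMDAkY3BoTWFpbiR1Y1Byb2ZpbGUkTW9uZXkPBQwwLjAwMDAwMjU1MjBkq9Xg7eCkuRMKxXAWft9MqgH5A1AKB7Ai3JQcgVlh+OI="

# Single-byte constants: Null, EmptyString, ZeroInt32, True, False.
CONSTANTS = {0x64: None, 0x65: "", 0x66: 0, 0x67: True, 0x68: False}

def read_7bit_int(buf, i):
    """Read a .NET 7-bit encoded integer; return (value, next_offset)."""
    value = shift = 0
    while True:
        byte = buf[i]
        i += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, i
        shift += 7

def read_value(buf, i):
    """Parse one value; only the tokens present in SAMPLE are supported."""
    token = buf[i]
    i += 1
    if token in CONSTANTS:
        return CONSTANTS[token], i
    if token == 0x05:                      # String: length prefix + UTF-8
        n, i = read_7bit_int(buf, i)
        return buf[i:i + n].decode("utf-8"), i + n
    if token == 0x0F:                      # Pair(First, Second)
        first, i = read_value(buf, i)
        second, i = read_value(buf, i)
        return (first, second), i
    if token == 0x18:                      # HybridDictionary: count + entries
        count, i = read_7bit_int(buf, i)
        entries = {}
        for _ in range(count):
            key, i = read_value(buf, i)
            entries[key], i = read_value(buf, i)
        return entries, i
    raise ValueError(f"unsupported token 0x{token:02x} at offset {i - 1}")

def inspect_viewstate(field_value):
    """Return (decoded object tree, trailing bytes after the serialized data)."""
    raw = base64.b64decode(field_value)
    if raw[:2] != b"\xff\x01":             # ObjectStateFormatter header
        raise ValueError("header missing: encrypted or not ViewState")
    tree, end = read_value(raw, 2)
    return tree, raw[end:]

if __name__ == "__main__":
    tree, trailer = inspect_viewstate(SAMPLE)
    print(sorted(tree[1][1]))              # control names stored in the state
    print(len(trailer), "byte(s) left over")
```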

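A brief look at ViewState

1. ViewState overview
① ViewState is based on Web Forms.

② When runat = "server" is set in the properties of a web form control, a hidden property _ViewState is attached to the control; _ViewState holds the state values of all controls in ViewState.

③ When the page is rendered, the following hidden field is added automatically:

The value attribute is only base64-encoded, not encrypted.

④ ViewState is a collection of name/value objects.

⑤ When a page is requested, ASP.NET serializes the state of all controls into a string and sends it to the client as a hidden form field. When the client posts the page back, ASP.NET parses the posted form field and assigns the corresponding values back to the controls (restoring the previous state).

⑥ ViewState cannot store every data type; it only supports: String, Integer, Boolean, Array, ArrayList, Hashtable

Preventing tampering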

How to Make ViewState Secure in ASP.NET

Understanding ASP.NET View State

ASP.NET View State Overview

What Is View State And How It Works In ASP.NET

Background 

A web application is stateless.
That means a new instance of the page is created every time we request the page from the server, and after the round trip that instance is lost immediately.
This happens because all the controls of the web page are created on the server, and after the round trip the server destroys all the instances. So to retain the values of the controls we use state management techniques.
 

State Management Techniques

 
They are classified into the following 2 categories,
 

 
Now I will explain what View State is.
 

View State

 
View State is the method to preserve the Value of the Page and Controls between round trips. It is a Page-Level State Management technique. View State is turned on by default and normally serializes the data in every control on the page regardless of whether it is actually used during a post-back.
 
Here is an example of the problem that occurs when we don't use View State.

    // Declaration of a and b
    public string a, b;

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Assign the values of TextBox1 and TextBox2 to the fields a and b
        a = TextBox1.Text;
        b = TextBox2.Text;
        // After the button is clicked, the TextBox values are cleared
        TextBox1.Text = TextBox2.Text = string.Empty;
    }

    protected void Button3_Click(object sender, EventArgs e)
    {
        // Assign the values of a and b back to TextBox1 and TextBox2
        TextBox1.Text = a;
        TextBox2.Text = b;
    }
 
This happens because all the controls are classes: the control objects are created on the server, the page is returned to the client's browser as HTML after the round trip, and the objects are then destroyed on the server.
 
After the Submit button is clicked, the values of user name and password are submitted to the server.
We cannot restore the values again, because after the postback the instances of the controls are destroyed. When the Restore button is clicked, the server handles a new request and cannot restore the values of the TextBoxes.
 

Features Of View State

 
These are the main features of view state,
  1. Retains the value of the Control after post-back without using a session.
  2. Stores the value of Pages and Control Properties defined in the page.
  3. Lets you create a custom View State provider that stores View State information in a SQL Server database or in another data store.
Now I will show how to store the values in View State; the remaining steps are the same as before.

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Store the values of TextBox1 and TextBox2 in View State
        // (View State is only base64-encoded, so these values are readable in the page source)
        ViewState["name"] = TextBox1.Text;
        ViewState["password"] = TextBox2.Text;
        // After the button is clicked, the TextBox values are cleared
        TextBox1.Text = TextBox2.Text = string.Empty;
    }

    protected void Button3_Click(object sender, EventArgs e)
    {
        // If the View State value is not null, assign it back to the TextBox
        if (ViewState["name"] != null)
        {
            TextBox1.Text = ViewState["name"].ToString();
        }
        if (ViewState["password"] != null)
        {
            TextBox2.Text = ViewState["password"].ToString();
        }
    }

After the Submit button is clicked, the values of user name and password are stored in View State, and View State keeps them during post-back.
 
After clicking the Restore button we can get the values again. The values must be retained during post-back, so they are stored in a base64-encoded string, and this information is then put into the View State hidden field.

Data Objects That Can be Stored in View state

  1. String
  2. Boolean Value
  3. Array Object
  4. Array List Object
  5. Hash Table
  6. Custom type Converters

Advantages of View State

  1. Easy to Implement.
  2. No server resources are required: The View State is contained in a structure within the page load.
  3. Enhanced security features: It can be encoded and compressed or Unicode implementation.

Disadvantages of View State

  1. Security risk: The information in View State can be seen directly in the page output source. You can manually encrypt and decrypt the contents of a hidden field, but it requires extra coding. If security is a concern, consider using a server-based state mechanism so that no sensitive information is sent to the client.
  2. Performance: Performance is not good if we use a large amount of data because View State is stored in the page itself and storing a large value can cause the page to be slow.
  3. Device limitation: Mobile Devices might not have the memory capacity to store a large amount of View State data.
  4. It can store values for the same page only.

When We Should Use View State

  1. When the data to be stored is small.
  2. Try to avoid secure data.
