简体繁体 English

是否可以解密和查看ViewState值？

[英]Is it possible to decrypt and view ViewState values?

原文 2010-04-14 15:23:35 8 3 asp.net/ security/ viewstate

I know there are tools out there that will let you see the content of asp.net viewstate. 我知道有一些工具可以让您查看asp.net viewstate的内容。 Is it possible to see and modify the content of viewState if it has been encrypted by adding the <machineKey ... /> node to the web.config? 如果已经通过将<machineKey ... />节点添加到web.config中进行了加密，则可以查看和修改viewState的内容吗？

3 个解决方案

Sure. 当然。 ViewState is simply base64 encoded (unless you specify that it should be encrypted). ViewState只是使用base64编码的（除非您指定应对其进行加密）。 Here's a link to someone that wrote a ViewState viewer . 这是指向写ViewState viewer的人的链接。 Here's another by Fritz Onion . 这是Fritz Onion的另一本书。 You probably will not be able to directly modify the ViewState (ie outside of code) because ASP.NET has checks in place to specifically ensure that nothing has tampered with the ViewState . 您可能将无法直接修改ViewState （即，在代码外部），因为ASP.NET进行了检查以专门确保没有任何内容被ViewState篡改。 See the EnableViewStateMAC setting for more. 有关更多信息，请参见EnableViewStateMAC设置。

Update 更新资料

Thanks to link rot, the links to the various viewers are no longer valid. 由于链接腐烂，到各个查看器的链接不再有效。 However, a simple search for "viewstate viewer" can find others on the Internet such as ASP.NET ViewState viewer 但是，通过简单地搜索“ viewstate查看器”，可以在Internet上找到其他诸如ASP.NET ViewState查看器的对象。

Please take a look into here How to decode viewstate I have provided full source code to get StateBag from viewstate string. 请在这里看看如何解码视图状态我提供了完整的源代码，以从视图状态字符串获取StateBag。 Encrypted states are also possible to decrypt using same method but assigning keys. 加密状态也可以使用相同的方法但分配密钥来解密。

Edit: Here's a new link for an online viewstate decoder, since the original one is no longer available. 编辑：这是在线视图状态解码器的新链接，因为原始视图不再可用。

https://www.httpdebugger.com/Tools/ViewstateDecoder.aspx https://www.httpdebugger.com/Tools/ViewstateDecoder.aspx

Original: 原版的：

I like this view state decoder. 我喜欢这个视图状态解码器。 Very easy to use. 很好用。

removed outdated link 删除过时的链接

在此处输入图片说明

WebService中的ViewState？这可能吗？ - ViewState in WebService? Is this possible?

查看或不查看状态？ - to viewstate or not to view state?

Viewstate上的TextBox值？ - TextBox values on Viewstate?

是否可以在后面的代码中设置asp.net控件属性值而不将其添加到viewstate？ - Is it possible to set asp.net control property values in code behind without adding it to viewstate?

是否可以在ASP .NET中禁用ViewState？ - Is it possible to disable ViewState in ASP .NET?

是否可以对ViewState进行自定义实现？ - Is it possible to make a custom implementation of ViewState?

ViewState比较CheckBoxList所选值 - ViewState to compare CheckBoxList Selected Values

验证视图状态MAC失败。是否有可能并非所有viewstate都已加载？ - Validation of viewstate MAC failed. Is it possible that not all viewstate is loaded?

如何在viewstate中存储复选框值的多个值？ - how to store multiple values of checkbox values in viewstate?

是否可以在 ASP.NET 中解码 EventValidation 和 ViewState？ - Is it possible to decode EventValidation and ViewState in ASP.NET?

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WebService中的ViewState？这可能吗？ - ViewState in WebService? Is this possible? 查看或不查看状态？ - to viewstate or not to view state? Viewstate上的TextBox值？ - TextBox values on Viewstate? 是否可以在后面的代码中设置asp.net控件属性值而不将其添加到viewstate？ - Is it possible to set asp.net control property values in code behind without adding it to viewstate? 是否可以在ASP .NET中禁用ViewState？ - Is it possible to disable ViewState in ASP .NET? 是否可以对ViewState进行自定义实现？ - Is it possible to make a custom implementation of ViewState? ViewState比较CheckBoxList所选值 - ViewState to compare CheckBoxList Selected Values 验证视图状态MAC失败。是否有可能并非所有viewstate都已加载？ - Validation of viewstate MAC failed. Is it possible that not all viewstate is loaded? 如何在viewstate中存储复选框值的多个值？ - how to store multiple values of checkbox values in viewstate? 是否可以在 ASP.NET 中解码 EventValidation 和 ViewState？ - Is it possible to decode EventValidation and ViewState in ASP.NET?

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM