ViewState Encryption in ASP.Net

Question

ViewState Encryption in ASP.Net

Why do I see the same hash value generated when I use different viewstate encryption algorithms. I added below lines to web.config file

pages viewstateEncryptionMode = "Always" enableViewStateMac = "true" ... / ">

machineKey validationKey = "AutoGenerate, IsolateApps" decryptionKey = "AutoGenerate, IsolateApps" validation = "AES" decryption = "Auto" / ">

The compilation debug = "false" ...> is also set.

No matter what I use (AES, MD5, SHA1, 3DES), it generates the same hash. I'm missing something.

Please let me know.

-Thank

+3

asp.net encryption viewstate

ajk Aug 20 '10 at 16:26

source share

2 answers

Chuck conway · Answer 1 · 2010-08-20T16:34:29+0000

Here is an article about Encrypting Viewstate . This is for ASP.Net 2.0. which should be fine for 3.5.

felickz · Answer 2 · 2011-07-06T17:14:08+0000

Via P&P on MSDN :

The default authentication for SHA1 is to protect against unauthorized access (if or, then forms authentication hashes forms an authentication ticket using either MD5 or HMACSHA1 (HMACSHA1 is used even if the check is set to AES or 3DES). Form authentication encrypts the ticket, using the algorithm specified in the decryption attribute. (The decryption attribute was introduced in ASP.NET 2.0.)

Therefore, in theory, only SHA1 and MD5 should differ in the hash that is created.

ViewState Encryption in ASP.Net

More articles: