asp.net viewstate encryption issue


Problem description


I am attempting to turn on viewstate encryption Always as a security measure for my ASP.NET 3.5 website hosted in IIS6. We have viewstate turned off but still see some "controlstate" in this string. In a test environment I am able to simply set the following in web.config and I can no longer base64 decode the viewstate to semi-plaintext:

<pages enableViewState="false" enableViewStateMac="true" viewStateEncryptionMode="Always" />


I have even added the following (generated by machine key generator) to machine.config and it still encrypts the viewstate fine on my test server:

<machineKey validationKey="002 ......" decryptionKey="D90E ..." validation="SHA1" decryption="AES" />


My non-test environment doesn't seem to pick up the above changes as I can always base64 decode the viewstate to plain text with the above settings. I always iisreset after I make any changes.


Some info about my non-test webserver:


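  • Web farm / load balanced (but only one server for testing right now)

  • SQL session state (the machineKey in machine.config was originally needed for this)

  • machine.config: deployment retail="true"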


Can anyone suggest where to look for additional settings that might interfere with asp.net viewstate encryption?


EDIT: Now on my IIS test server I cannot undo the viewStateEncryptionMode setting as it is encrypting the viewstate even when I set it to "Never" and none of my other websites seem to take a hold of this setting. Where can I possibly look to see where this property is being overridden? Is there any cache where this setting is stored that needs to be cleared besides what would be done when I iisreset/stop www service/touch machine.config?


EDIT FINAL: After days of studying config files I gave up and implemented this via code. I already had a security module that was attaching to page events so in Page_Load I added: Page.RegisterRequiresViewStateEncryption();


I would really love to know what was preventing this setting from getting picked up on IIS6 immediately. When I run Cassini locally, if I set the viewStateEncryptionMode to "Always" via the pages node I would immediately see it encode the viewstate and render the additional hidden field with id="__VIEWSTATEENCRYPTED". When I then set it to "Never" I would immediately see the encryption turn off. If I make the same exact change to the website on my IIS6 hosted website, it would have no effect immediately but if I allow the setting to stay there it would eventually take hold. I would stop/start www service, reset IIS, clear ASPNET temp cache but I don't know what else to try? Hopefully this post can ROT for a while and someone in the future will see the same behavior I experienced and we can further figure this out!

Recommended answer

Web.config page settings do not apply to pre-compiled ASP.Net applications with the updatable option disabled (http://blogs.msdn.com/b/asiatech/archive/2011/07/19/pages-settings-don-t-work-for-pre-compiled-asp-net-applications.aspx). It has been a while but my test server I likely had deployed with updatable option disabled ... lesson learned.

See MSDN

Similar question I asked, same issue: http://stackoverflow.com/questions/7162083/viewstateencryptionmode-always-not-encrypting/13993347#13993347
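
A way to check from the outside whether a given server is really emitting encrypted viewstate, as an added example that is not part of the original question or answer. It looks at the rendered HTML for the `__VIEWSTATEENCRYPTED` hidden field mentioned above and for the `0xFF 0x01` header that an unencrypted ObjectStateFormatter payload starts with; the function name, status labels and sample pages are constructed for illustration.

```python
import base64
from html.parser import HTMLParser

# ObjectStateFormatter output starts with these two bytes, so an unencrypted
# __VIEWSTATE value base64-encodes to a string beginning "/w".
PLAINTEXT_HEADER = b"\xff\x01"

class HiddenFields(HTMLParser):
    """Collect name -> value for every <input type="hidden"> in a page."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            name = a.get("name") or a.get("id")
            if name:
                self.fields[name] = a.get("value") or ""

def viewstate_status(html):
    """Classify one rendered page: encrypted, plaintext, inconsistent or absent."""
    parser = HiddenFields()
    parser.feed(html)
    raw = parser.fields.get("__VIEWSTATE")
    if not raw:
        return "absent"
    try:
        blob = base64.b64decode(raw, validate=True)
    except ValueError:
        return "inconsistent"  # value is not base64 at all
    readable = blob.startswith(PLAINTEXT_HEADER)
    marked = "__VIEWSTATEENCRYPTED" in parser.fields
    if marked and not readable:
        return "encrypted"
    if readable and not marked:
        return "plaintext"
    return "inconsistent"  # marker and payload disagree: inspect by hand

# Constructed sample pages (not captured from a real site).
FIELD = '<input type="hidden" name="{0}" id="{0}" value="{1}" />'
PLAIN = base64.b64encode(PLAINTEXT_HEADER + b"\x0f\x05\x0a-1234567890" + bytes(20)).decode()
OPAQUE = base64.b64encode(bytes(range(16, 80))).decode()
SAMPLE_PLAINTEXT = "<form>" + FIELD.format("__VIEWSTATE", PLAIN) + "</form>"
SAMPLE_ENCRYPTED = ("<form>" + FIELD.format("__VIEWSTATE", OPAQUE)
                    + FIELD.format("__VIEWSTATEENCRYPTED", "") + "</form>")

if __name__ == "__main__":
    print(viewstate_status(SAMPLE_PLAINTEXT), viewstate_status(SAMPLE_ENCRYPTED))
```

Running this against a page fetched from each server in the farm after a deployment shows which nodes have picked up the setting; the header test is a heuristic, so an "inconsistent" result calls for a manual look.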
