The default ASP.NET settings ensure that viewstate are tamper proof and encrypted. This ensures that any modification of the ViewState either on the client's computer or over the network is detected when the server processes the data.
To provide tamper proof ViewState, the ViewState content is hashed for each response and the hash is compared on subsequent requests. The validation attribute of the machineKey indicates which hashing algorithm to use, and it defaults to SHA1. If the application is installed in a Web farm, it is needed to change the validationKey from the defautl value of AutoGenerate,IsolateApps to a specific manually generated key value
With the default settings shown above, the AutoGenerate setting instructs ASP.NET to generate a random key. The IsolateApps modifier causes ASP.NET to generate a unique key for each application on your server by using the application ID of each application.
The default value is correct for a single server deployment. You will need to change the default settings if your application is deployed in a Web farm. In a Web farm, you must manually generate the validationKey value and make sure that it is the same on all servers in the farm.
No comments:
Post a Comment