.NET - How to view information in ViewState using ASP.NET 2.0 and 3.5

How to view information in ViewState using ASP.NET 2.0 and 3.5

Rating: 17 user(s) have rated this article Average rating: 3.8

Posted by: Suprotim Agarwal, on 2/18/2008, in category "ASP.NET 2.0 & 3.5"
Views: this article has been read 19870 times

Abstract: ViewState is a Base64 encoded string and is not readable by the human eye. However it is also not difficult to decode the viewstate and view the contents of the viewstate when it is passed over the wire. In this article we will see how to decode and view the contents of a viewstate.

How to view information in ViewState using ASP.NET 2.0 and 3.5

Http is a stateless protocol. Hence the state of controls is not saved between postbacks. Viewstate is the means of storing the state of server side controls between postbacks. Viewstate stores the state of controls in HTML hidden fields. In other words, it is a snapshot of the contents of a page.

When set to True, the ‘EnableViewState’ property enables storing the state of an object in a page between postbacks. Objects are saved in a Base64 encoded string. Because it is a Base64 encoded string, it is not readable by the human eye. However it is also not difficult to decode the viewstate and view the contents of the viewstate when it is passed over the wire. In this article we will see how to decode and view the contents of a viewstate.

Step 1: Create an asp.net application with 2 textboxes, a label and a button as shown below. On the button click, we will concatenate the values of the 2 textbox and display this information in the label control.

<body>

<div>

<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>

<br />

<asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>

<br />

<asp:Label ID="Label1" runat="server"></asp:Label><br />

<br />

<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Button" />

</form>

</body>

Step 2: Add the button click event:

protected void Button1_Click(object sender, EventArgs e)

{

Label1.Text = TextBox1.Text + " " + TextBox2.Text;

}

VB.NET

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs)

Label1.Text = TextBox1.Text & " " & TextBox2.Text

End Sub

Step 3: Execute the page and enter some values in the textbox. We will enter the value ‘I Love’ and ‘Dotnetcurry.com’ respectively in the two textboxes. Now click the button. The label will contain the concatenated value and should display ‘I Love Dotnetcurry.com’. Now right click on the page > View Source.

Along with the other html text, you will see the following:

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJODczNjQ5OTk0D2QWAgIDD2QWAgIFDw8WAh4EV

GV4dAUWSSBMb3ZlIERvdG5ldEN1cnJ5LmNvbWRkZMHbBY9JqBTvB5

/6kXnY15AUSAwa" />

Step 4: Shown above in the blue colored text is the viewstate. This is the Base64 encoded string which we will be decoding. Do the following. Add another textbox and button control on to the page. Rename the textbox to ‘txtViewState’ and set its ‘TextMode’ property to ‘Multiline’. Set the text property of the button control to ‘View ViewState’ as shown below:

<br />View State<br />

<asp:TextBox ID="txtViewState" runat="server" TextMode="MultiLine" Width="667px"></asp:TextBox><br />

<asp:Button ID="Button2" runat="server" OnClick="Button2_Click" Text="View ViewState" />

On the button click add the following code.

protected void Button2_Click(object sender, EventArgs e)

{

byte[] decode = Convert.FromBase64String(txtViewState.Text);

txtViewState.Text = System.Text.Encoding.ASCII.GetString(decode);

}

VB.NET

Protected Sub Button2_Click(ByVal sender As Object, ByVal e As EventArgs)

Dim decode As Byte() = Convert.FromBase64String(txtViewState.Text)

txtViewState.Text = System.Text.Encoding.ASCII.GetString(decode)

End Sub

Step 5: Repeat Step 3. Copy the blue colored text and paste it in the ‘txtViewState’ textbox. Now click on the second button ‘View ViewState’. You will see that the decoded viewstate is displayed in the textbox as shown below:

? 873649994d[1][1] d[1][1][1]‑ TextI Love DotnetCurry.comddd???I?????y???H

Even though there are junk characters displayed in the textbox, however you can make out that the textbox contained the word ‘I Love DotnetCurry.com’

Well that was simple, wasn’t it? In the coming articles we will see how to encrypt viewstate in order to prevent its contents to be decoded. I hope this article was useful and I thank you for viewing it.

If you liked the article,

Subscribe to my RSS Feed.

Read More...(Page 2 of 2)

Dynamically Add Text to Images Retrieved from the Database using an ASP.NET Http Handler

Exploring the ASP.NET 3.5 Chart Controls

How to Print in ASP.NET 2.0

Efficient Server Side Paging with the ASP.NET GridView Control

Read Configuration Settings of Web.config using Javascript

How to go back to the previous page in ASP.NET 2.0

Creating an ASP.NET SiteMap dynamically using LINQ and bind to a TreeView

How would you rate this article?

User Feedback

Comment posted by amal on Wednesday, February 20, 2008 7:01 AM

It is nice article

Comment posted by Vijayeta Sinha on Sunday, February 24, 2008 5:41 AM

Hi!
I am trying this code but it does not work. Always I am getting the junk caracters like ????????????????????c?????x?I?U ? c??N? only.

Comment posted by Suprotim Agarwal on Monday, February 25, 2008 12:13 PM

Hi Vijayeta, Make sure you are not using the ViewStateEncryptionMode="Always" in your page or web.config.

Comment posted by syed on Thursday, February 28, 2008 11:07 AM

MIND BLOWING>>>>>>>> I GOT IT........ I really liked the code..thnx a ton

Comment posted by chandra prakash on Tuesday, April 01, 2008 10:35 AM

i am satisfied to read this article and as my concern i am given it six out of ten

Comment posted by anil on Thursday, April 10, 2008 9:29 AM

i am getting this error. PLs teel me solution

Invalid character in a Base-64 string.


        byte[] decode = Convert.FromBase64String(TextBox3.Text);
        TextBox3.Text = System.Text.Encoding.ASCII.GetString(decode);

Comment posted by Hegibase64 on Friday, September 05, 2008 11:13 AM

It was to poor. For lame develeoper it would be enough to "decode it as a base64". Perhaps some more insight in viewstate structure and "what does mean all that magic characters" section would improve this for a great articlce. But now only 2/10

Comment posted by Suprotim Agarwal on Friday, September 05, 2008 10:58 PM

Hegibase64: Thanks for your comments. Writing about viewstate is a good idea and I will cover it in the forthcoming articles.

Comment posted by unruledboy on Tuesday, September 09, 2008 6:06 AM

check this out:

http://www.codeproject.com/KB/viewstate/viewstate_viewer.aspx

and

http://www.felix-colibri.com/papers/web/asp_net/asp_net_viewstate_viewer/asp_net_viewstate_viewer.html

Comment posted by Imran on Tuesday, September 09, 2008 9:00 AM

Hi,
Nice post but is there anything which supports large number of data and work with .net 3.5 and displays everything.

Comment posted by Kent Lau on Monday, September 28, 2009 3:50 AM

I follow your example in Visual Web Developer 2008 Express Edition and it works.
Thank you.

Comment posted by sdfgsdfgdsfg on Tuesday, October 27, 2009 12:48 AM

Post your comment

Name:
E-mail:	(Will not be displayed)
Comment:
Insert Cancel