How to view information in ViewState using ASP.NET 2.0 and 3.5
Posted by: Suprotim Agarwal ,
on 2/18/2008,
in
Category ASP.NET
Abstract: ViewState is a Base64 encoded string and is not readable by the human eye. However it is also not difficult to decode the viewstate and view the contents of the viewstate when it is passed over the wire. In this article we will see how to decode and view the contents of a viewstate.
How to view information in ViewState using ASP.NET 2.0 and 3.5
Http is a stateless protocol. Hence the state of controls is not saved between postbacks. Viewstate is the means of storing the state of server side controls between postbacks. Viewstate stores the state of controls in HTML hidden fields. In other words, it is a snapshot of the contents of a page.
When set to True, the ‘EnableViewState’ property enables storing the state of an object in a page between postbacks. Objects are saved in a Base64 encoded string. Because it is a Base64 encoded string, it is not readable by the human eye. However it is also not difficult to decode the viewstate and view the contents of the viewstate when it is passed over the wire. In this article we will see how to decode and view the contents of a viewstate.
Step 1: Create an asp.net application with 2 textboxes, a label and a button as shown below. On the button click, we will concatenate the values of the 2 textbox and display this information in the label control.
<body>
<form id="form1" runat="server">
<div>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<br />
<br />
<asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>
<br />
<br />
<asp:Label ID="Label1" runat="server"></asp:Label><br />
<br />
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Button" />
<br /> </div>
</form>
</body>
Step 2: Add the button click event:
C#
protected void Button1_Click(object sender, EventArgs e)
{
Label1.Text = TextBox1.Text + " " + TextBox2.Text;
}
VB.NET
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs)
Label1.Text = TextBox1.Text & " " & TextBox2.Text
End Sub
Step 3: Execute the page and enter some values in the textbox. We will enter the value ‘I Love’ and ‘Dotnetcurry.com’ respectively in the two textboxes. Now click the button. The label will contain the concatenated value and should display ‘I Love Dotnetcurry.com’. Now right click on the page > View Source.
Along with the other html text, you will see the following:
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJODczNjQ5OTk0D2QWAgIDD2QWAgIFDw8WAh4EV
GV4dAUWSSBMb3ZlIERvdG5ldEN1cnJ5LmNvbWRkZMHbBY9JqBTvB5
/6kXnY15AUSAwa" />
Step 4: Shown above in the blue colored text is the viewstate. This is the Base64 encoded string which we will be decoding. Do the following. Add another textbox and button control on to the page. Rename the textbox to ‘txtViewState’ and set its ‘TextMode’ property to ‘Multiline’. Set the text property of the button control to ‘View ViewState’ as shown below:
<br />View State<br />
<asp:TextBox ID="txtViewState" runat="server" TextMode="MultiLine" Width="667px"></asp:TextBox><br />
<asp:Button ID="Button2" runat="server" OnClick="Button2_Click" Text="View ViewState" />
On the button click add the following code.
C#
protected void Button2_Click(object sender, EventArgs e)
{
byte[] decode = Convert.FromBase64String(txtViewState.Text);
txtViewState.Text = System.Text.Encoding.ASCII.GetString(decode);
}
VB.NET
Protected Sub Button2_Click(ByVal sender As Object, ByVal e As EventArgs)
Dim decode As Byte() = Convert.FromBase64String(txtViewState.Text)
txtViewState.Text = System.Text.Encoding.ASCII.GetString(decode)
End Sub
Step 5: Repeat Step 3. Copy the blue colored text and paste it in the ‘txtViewState’ textbox. Now click on the second button ‘View ViewState’. You will see that the decoded viewstate is displayed in the textbox as shown below:
? 873649994d[1][1] d[1][1][1]‑ TextI Love DotnetCurry.comddd???I?????y???H
Even though there are junk characters displayed in the textbox, however you can make out that the textbox contained the word ‘I Love DotnetCurry.com’
Well that was simple, wasn’t it? In the coming articles we will see how to encrypt viewstate in order to prevent its contents to be decoded. I hope this article was useful and I thank you for viewing it.
This article has been editorially reviewed by Suprotim Agarwal.
C# and .NET have been around for a very long time, but their constant growth means there’s always more to learn.
We at DotNetCurry are very excited to announce The Absolutely Awesome Book on C# and .NET. This is a 500 pages concise technical eBook available in PDF, ePub (iPad), and Mobi (Kindle).
Organized around concepts, this Book aims to provide a concise, yet solid foundation in C# and .NET, covering C# 6.0, C# 7.0 and .NET Core, with chapters on the latest .NET Core 3.0, .NET Standard and C# 8.0 (final release) too. Use these concepts to deepen your existing knowledge of C# and .NET, to have a solid grasp of the latest in C# and .NET OR to crack your next .NET Interview.
Click here to Explore the Table of Contents or Download Sample Chapters!
Was this article worth reading? Share it with fellow developers too. Thanks!
Suprotim Agarwal, MCSD, MCAD, MCDBA, MCSE, is the founder of
DotNetCurry,
DNC Magazine for Developers,
SQLServerCurry and
DevCurry. He has also authored a couple of books
51 Recipes using jQuery with ASP.NET Controls and
The Absolutely Awesome jQuery CookBook.
Suprotim has received the prestigious Microsoft MVP award for Sixteen consecutive years. In a professional capacity, he is the CEO of A2Z Knowledge Visuals Pvt Ltd, a digital group that offers Digital Marketing and Branding services to businesses, both in a start-up and enterprise environment.
Get in touch with him on Twitter @suprotimagarwal or at LinkedIn