Last post May 22, 2011 11:27 PM by Mamba Dai - MSFT
May 16, 2011 09:11 PM|esassaman|LINK
In my Application_Error handler in global.aspx, I email myself some information if my web app faults on my remote server. Included in the information I email myself is my viewstate. I would really like to decode the viewstate so I can get a better picture
of what is going on at the time of the fault.
The problem is that my viewstate is 3DES encoded. In my web.config I have a <machineKey> tag, with a fixed validationKey, descryptionKey, and validation="3DES". So in theory I can base-64 decode my viewstate and decrypt it with my validationKey (?). I'm
having a problem finding the right tools to do this. I've found some viewstate decoders but they either fail (presumably because it's 3DES encrypted?) or spit out some data that I don't know how to 3DES decrypt.
What is the encoding/encrypting sequence here, does the server first encrypt then base-64 encode? So to reverse I need a base-64 decoder that won't choke and then some kind of 3DES decryption tool for the result, does anyone have any suggestions? Or is there
some sourcode code I can use to cobble together a little decrypter of my one?
May 20, 2011 03:01 AM|Mamba Dai - MSFT|LINK
Generally, we should encrypt at first and then encode the object which need to be encrypted. Based on above information, I guess you want to encrypt the view state. so please refer to the paragraph below:
“By default, view state is transmitted as a base-64 encoded string. Although at first glance encoded data is unintelligible, base-64 encoding provides no security because it is easily decoded. If you store sensitive data in view state, you can specify
that ASP.NET encrypts view-state data in addition to validating it. You can specify view-state encryption for all pages of your Web application or for selected pages. For information about this option, see
The paragraph is extracted from this
article(it locates the third row in the first table)
May 22, 2011 06:17 PM|esassaman|LINK
If youi'll re-read my post more carefully you'll see that I'm not asking how to encrypt my viewstate. As I said in my post, it is already being encrypted, in fact I gave you the web.config setting that makes it obvious that it is being ecrypted. I want to
DECRYPT and DECODE my viewstate into human readable format so I can look at it when my web app faults, which I am unable to do.
May 22, 2011 11:27 PM|Mamba Dai - MSFT|LINK
Sorry for my carelessness and i have re-readed your post carefully.
To address your requirement, I think you can try to use
LosFormatter class .
By the way, this
article may help you.