How to encrypt pages in ASP. NET

How to encrypt pages in ASP. NET

 

This section describes ASP. NET's ability to encrypt view information. The page. registerrequiresviewstateencryption method registers the control as the control that requires view State encryption. If you want to develop a custom control for processing potential sensitive information, call the registerrequiresviewstateencryption method to register the control with the page and ensure that the view status information of the control is encrypted.
The registerrequiresviewstateencryption method must be called in or before the prerender stage of the page lifecycle. The following describes how to override the onprerender method in the viewstatecontrol control and add the view encryption function to the added Code Section:
Protected override void onprerender (eventargs E)
{
This. Page. registerrequiresviewstateencryption ();
Base. onprerender (E );
}
Compile the control and run it again in the browser. You can see that the value of the hidden Domain View Control sent to the client is:
<Input type = "hidden" name = "_ viewstate" id = "_ viewstate" value = "/comment + d5a2y6keg5zu + comment + S/comment + d5a2y5lqg6g65zu + signature + d5a2y5lqg6g65zu + 54q25ocblcdnn1_vvizmijhnmotpopzoibllslhmmk/Signature + Signature = "/>
It becomes an encrypted hash code:
<Input type = "hidden" name = "_ viewstate" id = "_ viewstate" value = "j62g77ydi1rdf8 + California/E1A + California + z74cly6/dyz23biaznnydlml/e7mvizss + signature + signature/Signature + signature + qfyjhk2fvbh + signature/fdjekyh + signature/qbvi + s0w1viq/nj/Signature/J + jpnqge + signature/Signature + ucekxqe + signature/n8cdkr2z + k3f3iemxobo + records/bpxysdr9ycnojd/tb6cdi5fus/dgytej2ezt2hopcm758weewbqzug + t1dfezu6 + vicimhdv8ifcwnv + yhw ="
</Div>
You can also specify the encryption mode of view status information, which is set by system enumeration viewstateencryptionmode. This enumeration can control whether to encrypt view status information. It has three enumeration items.
Description of enumeration members
Auto: if the control requests Encryption by calling the registerrequiresviewstateencryption method, the view status information is encrypted; otherwise, the view status is not encrypted. This value is the default value of the page. viewstateencryptionmode attribute.
Always forcibly encrypts view status information, whether or not to call
Never does not encrypt view status even if the control requests encryption.
In addition to settings in the control, you can also configure the application in the configuration file. Program Level, or configure the page level in the page. When using a widget or page, make the following settings:
This. Page. viewstateencryptionmode = viewstateencryptionmode. Auto;
This. Page. registerrequiresviewstateencryption ();
After the above settings, the page framework will automatically complete the encryption and decryption functions. Add two more points to this function:
(1) The encrypted view State will definitely affect the application performance, so be cautious when using it.
(2) As long as any control on the page requires that the view State be encrypted, all view states on the page will also be encrypted. Currently, Asp. net has not implemented the encryption function of a control view on the needle page (the method of the page control page is called, whether in the control or on the page, registerrequiresviewstateencryption, and this method does not have any reload methods ).