[Strange phenomenon] when accessing some ASP. NET websites through China Unicom, the _ EVENTVALIDATION field is generated, but only :__ VIEWSTATE is used in China Telecom. [Normal ]? Why?
You should be familiar with _ VIEWSTATE and _ EVENTVALIDATION.
_ VIEWSTATE
ViewState is a mechanism used in ASP. NET to save the status value when the WEB control is returned. When the web form is set to runat = "server", this FORM is appended with a hidden attribute _ VIEWSTATE. _ VIEWSTATE stores the State values of all controls in ViewState.
ViewState is a field in the Control class. All other controls inherit Control to obtain the ViewState function. Its type is system. Web. UI. StateBag, an object set of name/value.
When requesting a page, ASP. NET serializes the status of all controls into a string and sends it to the client as a hidden property of the form. When the client transfers the page back, ASP. NET analyzes the form attributes returned by the return and assigns them to the corresponding values of the control.
_ EVENTVALIDATION
_ EVENTVALIDATION is only used to verify whether an event is sent from a valid page. It is only a digital signature, so it is generally very short.
The hidden field whose "id" attribute is "_ EVENTVALIDATION" is a newly added security measure of ASP. NET 2.0. This function can block unauthorized requests sent by Potential Malicious users from the browser.
To ensure that each sending and callback event comes from the expected user interface elements, the ASP. NET Runtime Library adds an additional authentication layer to the event. The server verifies the content of the request submitted by the form and matches the information in the hidden field of "_ EVENTVALIDATION" with the "id" attribute. Verify that no additional input fields are added to the browser based on the matching results (This field may be maliciously added to the browser ), the value is selected from the list of known servers. The ASP. NET runtime will create an event validation field during the generation, which is the least time to obtain this information. Like view status, event validation fields contain hash values to prevent browser tampering.
Note: The hidden field "_ EVENTVALIDATION" for the "id" attribute is usually at the bottom of the form. If the form has not been parsed on the browser end, data submission may cause verification failure.
-------------------------------------------------------------------------------
But now I have encountered a strange phenomenon:
[Strange phenomenon] When you access some ASP. NET websites through a China Unicom website, the _ EVENTVALIDATION field is generated. China Telecom only has: __ VIEWSTATE.
// <Input type = "hidden" name = "_ VIEWSTATE" value = "dDwyOTIzOTAzMDY7Oz7al5S42Eis/KzWoHkqurrI/BUCBA ="/>
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
