[Strange phenomenon] When accessing some ASP.NET websites through China Unicom, the __EVENTVALIDATION field is generated, but only __VIEWSTATE is used in China Telecom.

Source: Internet
Author: User

[Strange phenomenon] When accessing some ASP.NET websites through China Unicom, the __EVENTVALIDATION field is generated, but only __VIEWSTATE is used in China Telecom. Is this normal? Why?

You should be familiar with __VIEWSTATE and __EVENTVALIDATION.

__VIEWSTATE

ViewState is the mechanism ASP.NET uses to preserve the state of web controls across postbacks. When a web form is set to runat="server", a hidden field named __VIEWSTATE is appended to the form. __VIEWSTATE stores the state values of all controls that are held in ViewState.

ViewState is a field in the Control class. All other controls inherit from Control and so obtain the ViewState function. Its type is System.Web.UI.StateBag, a collection of name/value pairs.

When a page is requested, ASP.NET serializes the state of all controls into a string and sends it to the client as a hidden field of the form. When the client posts the page back, ASP.NET parses the returned form field and assigns the values back to the corresponding controls.

__EVENTVALIDATION

__EVENTVALIDATION is only used to verify whether an event was sent from a valid page. It is only a digital signature, so it is generally very short.
The hidden field whose "id" attribute is "__EVENTVALIDATION" is a security measure newly added in ASP.NET 2.0. This feature can block unauthorized requests sent from the browser by potentially malicious users.

To ensure that each postback and callback event comes from the expected user interface element, the ASP.NET runtime adds an additional validation layer to events. The server examines the content of the request submitted by the form and matches it against the information in the hidden field whose "id" attribute is "__EVENTVALIDATION". Based on the match, it verifies that no additional input fields were added in the browser (such a field may have been added maliciously) and that the value was selected from a list already known to the server. The ASP.NET runtime creates the event validation field during rendering, which is the last moment at which this information is available. Like view state, the event validation field contains a hash value to prevent tampering in the browser.
Note: The hidden field whose "id" attribute is "__EVENTVALIDATION" is usually at the bottom of the form. If the data is submitted before the browser has finished parsing the form, validation may fail.


-------------------------------------------------------------------------------
But now I have encountered a strange phenomenon:

[Strange phenomenon] When you access some ASP.NET websites through a China Unicom website, the __EVENTVALIDATION field is generated. China Telecom only has __VIEWSTATE.

// <input type="hidden" name="__VIEWSTATE" value="dDwyOTIzOTAzMDY7Oz7al5S42Eis/KzWoHkqurrI/BUCBA=" />
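
One way to investigate a difference like this is to save the HTML received over each network path and compare the hidden fields. The Python sketch below is an added example, not part of the original post: it reports whether `__VIEWSTATE` and `__EVENTVALIDATION` are present and guesses the view state serializer from its leading bytes. The function names and capture B are constructed for illustration, and the format check is a heuristic.

```python
import base64
import re
from html.parser import HTMLParser

class HiddenFields(HTMLParser):
    """Collect name -> value for every <input type="hidden"> in a page."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def decode_b64(value):
    """Decode leniently: copied values often lose '=' padding or gain spaces."""
    data = re.sub(r"[\s=]", "", value)
    return base64.b64decode(data + "=" * (-len(data) % 4))

def viewstate_format(raw):
    """Heuristic: guess the serializer from the first bytes of the decoded field."""
    if raw[:2] == b"\xff\x01":
        return "binary (ASP.NET 2.0+)"
    if re.match(rb"[A-Za-z@]<", raw):  # text tokens such as "t<...>"
        return "text (ASP.NET 1.x)"
    return "unknown"

def inspect_page(html):
    """Summarise the ASP.NET hidden fields found in one captured response."""
    parser = HiddenFields()
    parser.feed(html)
    raw = decode_b64(parser.fields.get("__VIEWSTATE", ""))
    return {
        "has_viewstate": "__VIEWSTATE" in parser.fields,
        "has_eventvalidation": "__EVENTVALIDATION" in parser.fields,
        "viewstate_format": viewstate_format(raw) if raw else None,
        "viewstate_bytes": len(raw),
    }

# Capture A: the __VIEWSTATE tag quoted in the post above.
CAPTURE_A = '<form><input type="hidden" name="__VIEWSTATE" value="dDwyOTIzOTAzMDY7Oz7al5S42Eis/KzWoHkqurrI/BUCBA=" /></form>'
# Capture B: constructed sample of a response that carries both fields.
_blob = base64.b64encode(b"\xff\x01" + bytes(30)).decode()
CAPTURE_B = ('<form><input type="hidden" name="__VIEWSTATE" value="%s" />'
             '<input type="hidden" name="__EVENTVALIDATION" value="%s" /></form>' % (_blob, _blob))

if __name__ == "__main__":
    for label, page in (("A", CAPTURE_A), ("B", CAPTURE_B)):
        print(label, inspect_page(page))
```

Since `__EVENTVALIDATION` was introduced in ASP.NET 2.0, as described above, a capture that reports the 1.x text format would not be expected to carry that field.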
