Web
.LosFormatter class. In addition to providing a compressed binary format for an
object??™s data, the LosFormatter class provides additional compression by creating
internal string tables for repeated data. In addition to the data within the viewstate, the
viewstate may also be encrypted and/or signed.
By default, ASP.Net will add an HMAC to the viewstate data, which means that clients
will be unable to tamper with the viewstate. The HMAC is generated by using a
hashing algorithm and a server-side??“specific key. In most installations, the key will be
generated automatically by ASP.Net and developers will not need to pay any attention
in order to receive viewstate integrity protections. A major exception to this are web farm
environments where multiple machines are involved. Since the key is generated per machine
and not available for export, each machine in the web farm will have a separate
key. The lack of a shared key infrastructure means that any machine in the web farm will
be unable to verify the signature on a viewstate-generated by ASP.Net installations on
other machines.
To handle this situation, developers can manually generate a key and specify the key
in the machineKey element of the web.
Pages:
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254