Is EnableViewStateMAC=true compulsory for ViewStateEncryption in an ASP.Net Website?

khuraam

New Member
I'm currently fixing some security issues in our ASP.NET website application. One of the issues was that the ViewState was not encrypted. So I did check on Stack Overflow and elsewhere on how to encrypt the ViewState, and I did it using the and adding a 3DES machineKey like this in Web.config.

I would like to know if the "EnableViewStateMAC=true" is also compulsorily necessary, since this was mentioned in some of the suggested solutions I had found online. But in my checks I found the encryption is working even without this.

[NOTE: I had to do these changes at an application level (Web.config) since making individual page changes is not a practical solution for this application.]

Thanks in advance.
 