What does the __VIEWSTATE hold?

2019-01-15 07:20发布

问题:

I'm sorry for maybe making such a basic question but in ASP.NET websites what does the __VIEWSTATE input field represent?

Also, is there any way to compute it's value (based on the values of other form fields)?

EDIT

I understand that __VIEWSTATE, as the name suggests, maintains the values of form field values in webpages however what I'm interested in knowing is how this state (the string) is generated. If I base64_decode any __VIEWSTATE string all I see is a bunch of cryptic HTML.

Is there any way to better understand what exactly is being encoded? I've searched on past questions and I've found some tools that can do this like this one, but unfortunately it doesn't seem to work.

The reason I'm asking this is because I've access to a web service API that gives me most of the values I need to work with. However I also need an additional field that is only available on the last stage of the form. I already contacted the web service provider but unfortunately and they're not going to update their API so soon. I was hoping I could prefill the form initial values using the web service data and then calculate the __VIEWSTATE to access the last field that shows up on the last stage of the form, it would make the whole process a lot faster.

Not sure if I made myself clear enough though...

回答1:

Paul Wilson has a very good article: ViewState: All You Wanted to Know

VIEWSTATE can be deserialized with the LosFormatter class.



回答2:

If you really want to understand it well, see Dave Reed's article about ViewState.



回答3:

A quick Google search answers the question:

http://msdn.microsoft.com/en-us/library/ms972976.aspx

First sentence:

Microsoft® ASP.NET view state, in a nutshell, is the technique used by an ASP.NET Web page to persist changes to the state of a Web Form across postbacks.



回答4:

Do take a look at the biter script posted at http://forums.techarena.in/windows-software/1329157.htm.

That script shows how to set up and use __ViewState and other .NET variables.

That script logs into a .NET site, and gets stock values, without going thru a browser. Instead of user doing it manually, the script does it programmatically.



回答5:

What do you mean by compute it's value?

Assume that it is a compressed (actually Base64 encoded) pair of your form fields/values in text form, which gets serialized into server side objects for you to work with.



回答6:

The easiest way of doing this in Razor is putting this on a view:

@{
    throw new Exception();
}