问题
Due to some security concerns i need to enable View State Encryption. I have viewstate & viewstateMAC turned off but i need to encrypt the "control state" string that is included in the __VIEWSTATE form parameter.
Currently my web.config looks like:
<pages enableViewState="false" enableViewStateMac="false">
When i set the following, in cassini, my viewstate is encrypted:
<pages enableViewState="false" enableViewStateMac="false" viewStateEncryptionMode="Always">
When i make the same change on my IIS 6 server, nothing happens.
I see the app domain recycle(Event: Application '/LM/W3SVC/...' located in 'C:...' initialized for domain '...'). when i touch web.config but i do not get encrypted viewstate as with cassini. I have tried Site Stop/Start, IIS Reset Stop/Start, Clear ASP.NET Temporary file cache. Anyone have any suggestions on what needs to be done to configure this?
回答1:
I ran into a similar problem with this and it came down to the fact that if you pre-compile your site the web.config node for pages is ignored. You have to set those settings at compile to get it working. I know this is year late, but I figure if someone else comes here looking for solution to the problem this might be useful information.
A little blurb about this: http://blogs.msdn.com/b/asiatech/archive/2011/07/19/pages-settings-don-t-work-for-pre-compiled-asp-net-applications.aspx
来源:https://stackoverflow.com/questions/7162083/viewstateencryptionmode-always-not-encrypting