Page.EnableViewStateMac Property

Gets or sets a value indicating whether ASP.NET should check message authentication codes (MAC) in the page's view state when the page is posted back from the client.

Namespace:  System.Web.UI
Assembly:  System.Web (in System.Web.dll)

Syntax

[BrowsableAttribute(false)]
public bool EnableViewStateMac { get; set; }

<asp:Page EnableViewStateMac="True|False" />

Property Value

Type: System.Boolean
true if the view state should be MAC checked and encoded; otherwise, false. The default is true.

Remarks

A view-state MAC is an encrypted version of the hidden variable that a page's view state is persisted to when the page is sent to the browser. When this property is set to true, the encrypted view state is checked to verify that it has not been tampered with on the client.

Do not set this property in code. Set the EnableViewStateMac attribute using the @ Page directive in the .aspx file. When the page is requested, the dynamically generated class sets the property.

Security Note
This attribute should never be set to false in a production Web site.

Version Information

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0

Platforms

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

See Also

Reference

Page Class

System.Web.UI Namespace

EnableViewState

Protects Event Validation Too!

Although ViewStateMac sounds like it would only protect the viewstate, it is also used to protect the Event Validation (__EVENTVALIDATION) property as well.  It is important to enable this even if View State is not used in the application.