Is my VIEWSTATE encrypted?
I'm a little confused. I haven't explicitly set the Web.config <pages ViewStateEncryptionMode="Always" />, and so this MSDN page says that it should default to Auto. This MSDN page says that Auto should cause the viewstate information to be encrypted if a control requests encryption by calling the RegisterRequiresViewStateEncryption method. But, none of my controls call that method. So it looks like my viewstate should, in fact, not be encrypted.
However, when I copy/paste the viewstate into one of the various online viewstate decoders, I'm told that the viewstate serialized data is invalid. So, is my viewstate encrypted or not? Is there some obvious way to tell? Has the default ASP.net behaviour changed to encode the viewstate by defualt unless you disable it?
Answer
If its set to Always or auto, all control state would be encrypted.All controls calling RegisterRequiresViewStateEncryption view state would be encrypted ir-respective of Auto/Always. If your 'custom control' needs encryption call this.
See this on MSDN
If you are developing a custom control that deals with potentially sensitive information, call the RegisterRequiresViewStateEncryption method to register the control with the page and ensure view state for the control is encrypted.
The entire page state will be encrypted if the ViewStateEncryptionMode is set to Auto or Always.