If you really want to understandViewState (not just what it is used for), then you may want to read this fabulous article(which I, unfortunately, am not the author of :-). Beware, though, it is a bit dated, but still a very good read.

如果您真的想了解ViewState（不仅仅是它的用途），那么您可能想阅读这篇精彩的文章（不幸的是，我不是 :- 的作者）。请注意，虽然它有点过时了，但仍然是一本很好的读物。

View state is a kind of hash map (or at least you can think of it that way) that ASP.NET uses to store all the temporary information about a page - like what options are currently chosen in each select box, what values are there in each text box, which panel are open, etc. You can also use it to store any arbitrary information.

视图状态是一种哈希映射（或者至少您可以这样认为），ASP.NET 使用它来存储有关页面的所有临时信息 - 例如每个选择框中当前选择了哪些选项，那里有哪些值在每个文本框中，哪个面板是打开的等等。您还可以使用它来存储任意信息。

The entire map is serialized and encryptedencoded and kept in a hidden variable that's posted back to the server whenever you take any action on the page that requires a server round trip. This is how you can access the values on the controls from the server code. If you change any value in the server code, that change is made in the view state and sent back to the browser.

整个地图经过序列化和加密编码，并保存在一个隐藏变量中，只要您在页面上执行需要服务器往返的任何操作，该变量就会回传到服务器。这是您如何从服务器代码访问控件上的值。如果您更改服务器代码中的任何值，该更改将在视图状态中进行并发送回浏览器。

Just be careful about how much information you store in the view state, though... it can quickly become bloated and slow to transfer each time to the server and back.

但是，请注意您在视图状态中存储的信息量……它可能很快变得臃肿并且每次传输到服务器并返回时都很慢。

As for encryption, I dont' know how strong it is, but its sure not easily human readable. I wouldn't use it for sensitive information, though. As pointed out in the comments, it's not encrypted at all. Just base encoded, which easily reversible.

至于加密，我不知道它有多强，但它肯定不容易被人类阅读。不过，我不会将它用于敏感信息。正如评论中指出的那样，它根本没有加密。只是基本编码，很容易逆转。

Allow me to share with you what I learned today.

请允许我与您分享我今天学到的东西。

What is ViewState?

什么是视图状态？

Microsoft? ASP.NET view state, in a nutshell, is the technique used by an ASP.NET Web page to persist changes to the state of a Web Form across postbacks.

View State stores the value of page controls as a string which is hashed and encoded in some hashing and encoding technology. It only contain information about page and its controls

微软？简而言之，ASP.NET 视图状态是 ASP.NET 网页使用的一种技术，用于跨回发保留对 Web 窗体状态的更改。

视图状态将页面控件的值存储为一个字符串，该字符串在某些散列和编码技术中进行了散列和编码。它只包含有关页面及其控件的信息

If I have something like this:

如果我有这样的事情：

protected void Page_Load(object sender, EventArgs e)
{
    ViewState["UserName"] = "Shubh Dasgupta";
    ViewState["Password"] = "IAmAPassword";
}

The view state of a page is, by default, placed in a hidden form field named __VIEWSTATE.

默认情况下，页面的视图状态放置在名为 __VIEWSTATE 的隐藏表单字段中。

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" 
     value="/wEPDwULLTE2MTY2ODcyMjkPFgQeCFVzZXJOYW1lBQ5TaHViaCBEYXNndXB0YR4IUGFzc3dvcmQFDElBbUFQYXNzd29yZGRk2/xP37hKKE9jfGYYzFjLuwpi6rHlPdXhfSspF6YRZiI=" />

Read More

阅读更多

How is it encoded? Is it encrypted?

它是如何编码的？是加密的吗？

ViewState is Encoded and not Encrypted by default. Lets take the previous input type value are run the below code:

默认情况下，ViewState 是编码的而不是加密的。让我们以之前的输入类型值运行以下代码：

protected void btnDecode_Click(object sender, EventArgs e)
{
    //txtViewState.Text = "/wEPDwULLTE2MTY2ODcyMjkPFgQeCFVzZXJOYW1lBQ5TaHViaCBEYXNndXB0YR4IUGFzc3dvcmQFDElBbUFQYXNzd29yZGRk2/xP37hKKE9jfGYYzFjLuwpi6rHlPdXhfSspF6YRZiI="
    string str = System.Text.Encoding.ASCII.GetString(Convert.FromBase64String(txtViewState.Text));
    lblDecodedString.Text = str;
}

The output for the above code will be ?-1616687229UserNameShubh DasguptaPasswordIAmAPassworddd??O??J(Oc|f?X?? b???=??}+)?f"

上述代码的输出将是 ?-1616687229UserNameShubh DasguptaPasswordIAmAPassworddd??O??J(Oc|f?X?? b???=??}+)?f"

If you read in details of the article I mentioned before, you would come up with the 'Cost Of ViewState' where it is clearly and beautifully written :

如果您阅读我之前提到的文章的详细信息，您会想到“Cost Of ViewState”，它写得清晰而优美：

On all page visits, during the save view state stage the Page class gathers the collective view state for all of the controls in its control hierarchy and serializes the state to a base-64 encoded string. (This is the string that is emitted in the hidden __VIEWSTATE form filed.) Similarly, on postbacks, the load view state stage needs to deserialize the persisted view state data, and update the pertinent controls in the control hierarchy.

在所有页面访问中，在保存视图状态阶段，Page 类为其控件层次结构中的所有控件收集集体视图状态，并将状态序列化为 base-64 编码字符串。（这是在隐藏的 __VIEWSTATE 表单字段中发出的字符串。）同样，在回发时，加载视图状态阶段需要反序列化持久化视图状态数据，并更新控件层次结构中的相关控件。

Try it yourself. Download Sample

自己试试吧。下载示例

It is a hidden field generated by ASP.NET that contains information about all the controls on the page. Ideally the view state should not need to be encrypted, as it should never contain sensitive information. To indicate that the view state should be encrypted, set the <machineKey>element's validation attribute in the machine.configfile to 3DES. There's a nice articleon MSDN describing ViewState.

它是由 ASP.NET 生成的隐藏字段，包含有关页面上所有控件的信息。理想情况下，视图状态不需要加密，因为它不应该包含敏感信息。要指示应加密视图状态，请将文件中<machineKey>元素的验证属性设置machine.config为3DES. MSDN 上有一篇很好的文章描述了 ViewState。

ViewState's not encrypted as default, using base64 encoding. You may want to use viewstate if your page has an action with controls.

ViewState 默认不加密，使用 base64 编码。如果您的页面具有带控件的操作，您可能希望使用视图状态。

ViewState is one technique asp.net uses to enable the postback model. The state for all controls that are marked runat="server"is stored in this base64 string.

ViewState 是asp.net 用来启用回发模型的一种技术。标记的所有控件的状态runat="server"存储在此 base64 字符串中。

This pluralsite articleexplains in more depth

这篇多站点文章更深入地解释