How to make ViewState secure in ASP.NET

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Default11 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void SubmitButton_Click(object sender, EventArgs e)
    {
        string base64ViewState =@"/wEPDwULLTEwMjc4OTM5MzIPFgIeBHRlc3QFHW9tdmVlciBzaW5naCBpcyBhbiBlbmdpbm5lciAhFgICAw9kFgICAw8PFgIeBFRleHQFHW9tdmVlciBzaW5naCBpcyBhbiBlbmdpbm5lciAhZGRkyOFGkSuL2fAAQOKxFSLR8uu9I8U=";
            string decodedstring=Decode(base64ViewState);
    }

    public string Decode(string str)
    {
        byte[] decbuff = Convert.FromBase64String(str);
        return System.Text.Encoding.UTF8.GetString(decbuff);

    }
}

you can use this link.. http://www.codeproject.com/Articles/150688/How-to-make-ViewState-secure-in-ASP-NET

Access ViewState Across Pages

Access ViewState Across Pages

We can access the viewstate variables across pages. This is possible when we use Cross Page Posting or Server.transfer to redirect the other pages

Ex :
Here I have created two aspx pages named:

   1. First.aspx: This page sets the ViewState variable and transfers the user to another page by using the Server.transfer.
   2. Second.aspx: This page accesses the ViewState variable of First.aspx page.

First.aspx :

public partial class First : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        ViewState["Page1"] = "My First page";
        Server.Transfer("Second.aspx");
    }

    public StateBag FirstViewState()
    {
        return ViewState;
    }
}


StateBag class: This class is the primary storage mechanism for all HTML and Web server controls. It stores attribute/value pairs as strings associated with the control. It tracks changes to these attributes only after the OnInit method is executed for a page request, and saves the changes to the page's or control's viewstate.


Second.aspx :

public partial class Second : System.Web.UI.Page
{
    private StateBag firstPageViewstate
    {
        get
        {
            StateBag returnValue = null;
            if (PreviousPage != null)
            {
                Object objPreviousPage = (Object)PreviousPage;
                MethodInfo objMethod = objPreviousPage.GetType().GetMethod                                             ("FirstViewState");
                return (StateBag)objMethod.Invoke(objPreviousPage, null);
            }
            return returnValue;
        }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (PreviousPage != null)
        {
            if firstPageViewstate != null)
            {
                Label1.Text = firstPageViewstate["Page1"].ToString();
            }
        }
    }
}


Using Previous Page, we can find the controls of the previous page. For example, one can access Label control placed in ViewStateContainer Page in current Page.