[AspNetAnyQuestionIsOk] How far can you rely on IsPostBack Property?

Thu, 13 Jan 2005 22:33:16 -0800 


After some working on how asp.Net, and how asp is recognaizing
the postpack data i found out something strange things,
this is a very elaberate, and something important to say so.

i have created two files like this:

------------------------------------

    "temp1.aspx" 
   --------------

<form id="temp1" method="post" runat="server">
<asp:Button id="Button2" runat="server" Text="Button2" />
<asp:Button id="Button1" runat="server" Text="Button1" />
<asp:TextBox id="TextBox1" runat="server"></asp:TextBox>
</form>

---------------------------------------

    "temp1.aspx.cs" : CodeBehind
    --------------

private void Page_Load(object sender, System.EventArgs e)
{
        if(!IsPostBack)
                Response.Write("FirstTime");
        else
                Response.Write("PostedBack");
}

void TextChanged(object o, EventArgs e) 
{ 
        Response.Write("TextChanged"); 
}                       
                
private void Button1_Click(object sender, System.EventArgs e)
{
        Response.Write("Button1.Clicked");
}

private void Button2_Click(object sender, System.EventArgs e)
{
        Response.Write("Button2.Clicked");
}               

---------------------------------------

Open the file for first time

then copy value of "__VIEWSTATE" of the file from source.

close browser

reopen the brower 
in address bar type like this

post the copied viewstate value here
 
[PATH]/temp1.aspx?__VIEWSTATE=dDwtMjAxNjA2MTk0Mjs7Pl0mbPe897rhmgXaxN%2BAocIRMW3B
&Button2=Button2

check the output

yout may see it like this:

   PostedBackButton2.Clicked

---------------------------------------
try this

[PATH]/temp1.aspx?__VIEWSTATE=dDwtMjAxNjA2MTk0Mjs7Pl0mbPe897rhmgXaxN%2BAocIRMW3B
&Button2=Button2&TextBox1=somevalue

[PATH]/temp1.aspx?__VIEWSTATE=dDwtMjAxNjA2MTk0Mjs7Pl0mbPe897rhmgXaxN%2BAocIRMW3B
&Button1=Button1&Button2=Button2&TextBox1=somevalue

[PATH]/temp1.aspx?__VIEWSTATE=dDwtMjAxNjA2MTk0Mjs7Pl0mbPe897rhmgXaxN%2BAocIRMW3B
&Button1=Button2&Button2=Bu&TextBox1=somevalue

PostedBackTextChangedButton2.Clicked
    
---------------------------------------

in those case the "IsPostBack" value became true.

and event's got executed, which it should not

after this you may come to a situation where you can't rely on 

IsPostBack property.

so i neeed an alternative to this.

and also i need to know how far is this vulnerable to Hacker's as they
can override 

client validation of validation control's. and 
IsPostBack property.

---------------------------------------













 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 

















    











					Reply via email to