Skip to main content
BuyLog In
ASP.NET MVC Extensions
Search in…
Docs > Common Concepts > Web.Config Modifications > Web.Config Options > Control State Protection
All docs
V24.1
ASP.NET MVC Extensions
Prerequisites
Supported Browsers
What's Installed
Get Started
Upgrade to a New Version
Common Concepts
Web.Config Modifications
ASPxHttpHandlerModule
ASPxUploadProgressHttpHandler
External Client Libraries
Web.Config Options
Accessibility Compliant
Availability of Themes Assembly
Callback Compression
Control State Protection
Check References To External Scripts
Custom Theme Assemblies
Document Type Mode
Page HTML Compression
Redirection on a Callback Error
Resource Compression
Resource Merging
Right to Left Support
Style Sheet Theme Name
Theme Base Color
Theme Font Settings
Theme Name
configSource Attribute
Use DevExtreme MVC Controls and DevExpress ASP.NET MVC Extensions in the Same Project
Data Binding
Callback-Based Functionality
Client-Side Functionality
Using Extensions in Razor Views
Declaring Server-Side Event Handlers
Templates
Appearance Customization - Theming
Data Annotation Attributes
Accessibility Support
Right to Left Support
Mobile Support
Cookies Support
Localization
Performance Optimization
Office Document Management
Cloud Storage Account Management
Web Farm and Web Garden Support
Components
Security Considerations
Redistribution and Deployment
Troubleshooting
Get More Help
.NET Framework API Reference
Client API Reference
Download CHM

Control State Protection

This option specifies whether the control state information passed to the client side is protected by encryption. Refer to the following help topic for more information: Callback State Encryption.

Name

protectControlState

Declaration

<configuration>
    ...
    <devExpress>
        ...
        <settings protectControlState="true" />
        ...
    </devExpress>
    ...
</configuration>

Note

In order to use the DevExpress Web.config section, register this section group beforehand.

This option is enabled by default.

Important

For security reasons we do not recommend you to set this option to false.

AJAX-enabled DevExpress web components can coordinate their server and client-side representations by passing fragments of their state (callback state) to the client in response to client callbacks. This option allows you to specify whether or not the callback state should be encrypted.

DevExpress configuration section

Corresponding Class

SettingsConfigurationSection