The measures in this section won't have a dramatic effect, especially if you use dynamic file compression. However, they don't take much time, so may still be worthwhile.
If you take a page with input elements and look at its page source, you will probably come across a hidden form field called
This is part of a security feature that was introduced in ASP.NET 2.0. It records all input elements in that hidden form field. This way, after a postback, the page can check whether all incoming data was generated by known input elements. That makes it a bit harder for malicious users to confuse your application with bogus data.
For more information, visit http://www.gdssecurity.com/l/b/2009/03/19/when-aspnet-eventvalidation-doesnt-work/ ...